Collect comprehensive data
- Volatile data (including running processes, open ports, logged-in users, active network connections, and DNS cache)
- Malware persistence mechanisms, including startup items and scheduled tasks
- User activity, including what programs they ran, web activity, and logins
- File metadata from all files on the system
Collection tool details
- Runs on all versions of Microsoft Windows (XP and newer)
- Requires no installation on target systems; it is pushed to live systems as needed or can run directly from a USB drive
- Contained in a single executable, which makes it easy to deploy
- Analyzes disk images in raw or E01 formats
- Uses The Sleuth Kit® forensics library, which makes collection less vulnerable to typical rootkits and avoids modifying file access times
- For more details, including a complete list of collected artifacts, contact us.