Core features:

- Collects volatile and file system data
- Analyzes memory images using Volatility
- Generates HTML and CybOX reports