It's cool to see orgs like @ComaeIO making it easier to snapshot system memory to facilitate future investigations. This is a powerful idea that adds another landmine for intruders to try to avoid, while giving defenders potentially rich host-centric forensic data. HT @allenmale https://t.co/QqH4pbEX1D— Richard Bejtlich (@taosecurity) April 25, 2019
I just found out about @msuiche's DumpIt and platform for analyzing memory dumps. I don't do forensics that often, but it seriously just cut my workflow from 6 hours to 15 min. Awesome tool.— Carter (@CarterMcKelvain) January 21, 2019
I confirm that Comae has so much innovation in here. This is definitely a quick win solution for servers where we cannot contractually apply updates such as ones in plants.— Vincent Le Toux (@mysmartlogon) February 18, 2018
Something between « run the AV » (which detects nothing) and a full-month forensic investigation.