James Lovato
Mind the MPLog: Leveraging Microsoft Protection Logging for Forensic Investigations
In an incident response investigation, CrowdStrike analysts use multiple data points to parse the facts of who, what, when and how. As part of that fact-finding mission, analysts investigating Windows[…]
SuperMem: A Free CrowdStrike Incident Response Tool for Automating Memory Image Processing
Performing memory analysis in incident response investigations can be tedious and challenging because of the lack of commercial options for processing memory samples, no all-in-one open-source tools t[…]