CrowdStrike Falcon® Forensics
Falcon Forensics streamlines the collection of point-in-time and historic forensic data for robust analysis of cybersecurity incidents and periodic compromise assessments.
Download data sheet
The Single Solution for Collecting and Analyzing Detailed Forensic Data
Simplify forensic data collection and analysis
Falcon Forensics offers comprehensive data collection while performing triage analysis during an investigation. Forensic security often entails lengthy searches with numerous tools. Simplify your collection and analysis to one solution to speed triage.
Accelerate triage analysis with preset dashboards.
Incident responders can respond faster to investigations, conduct compromise assessments along with threat hunting and monitoring with Falcon Forensics. Pre-built dashboards, easy search, and view data capabilities empower analysts to search vast amounts of data, including historical artifacts, quickly.
Speed response time and hone in on attacker activity.
Falcon Forensics automates data collection and provides detailed information around an incident. Responders can tap into full threat context without lengthy queries or full disk image collections.
How Falcon Forensics Works
Extended Visibility with Preset Dashboards
- Provides incident responders a single solution to analyze large quantities of data both historically and in real-time to uncover vital information to triage an incident.
- Identify attacker activity quickly with several preset dashboards to serve up specific information around an incident.
- See trends for the past 24 hours with the Deployment Status Dashboard.
- Examine a high-level view of telemetry within a single system with the Host Info Dashboard.
- Use the Windows Hunting Leads to quickly identify potential misconfigurations and hacker activity with preset panel groupings.
- Gather and analyze multiple artifacts for a single system and timeframe in the Host Timeline Dashboard. Use this dashboard to get a visual representation of artifacts for a specific timeline of events.
Augment Expertise with Full Threat Context
- Automate data collection and eliminate lengthy queries with a convenient console to view relevant artifacts pertaining to your research.
- Enrich forensic data automatically by correlating collected artifacts with intelligence data streams.
- Track attacker activity by analyzing the Master File Table (MFT), shim cache, shellbags, and other artifacts within your organization.
- Utilize query capabilities within preset dashboards to zero-in on specific attacker activity.
- Uncover attacker activity that may have occurred before Falcon EDR monitoring.
Eliminate Complex Processes
- Manage large scale deployments with ease. Deploy Falcon Forensics at any scale, from tens to hundreds of thousands of endpoints.
- Falcon Fusion's integrated SOAR framework automates scans, accelerating MTTR and simplifying operations.
- Leverage the CrowdStrike Cloud for processing.
- Utilize CrowdStrike Real Time Response for fast deployment and decisive remediation.
Robust Artifact Collection Types
- Falcon Forensics collects a comprehensive set of artifact types to support incident response teams’ investigations. Data types include: directory and file metadata, file hashes, network data, detailed process listings, services and drivers enumeration, environment variables, scheduled tasks, users and groups information.
- Web browser data collection
- Event log information
- Registry information
- Process execution artifacts
- Common persistence mechanisms
Why Falcon Forensics
Eliminate the tools and clunky forensic security solutions once and for all. Falcon Forensics simplifies forensic data collection and analysis, providing IR teams a single, robust solution to triage incidents fast. How? Read below:
– simplify forensic data collection and analysis in one single solution
– accelerate triage analysis with preset dashboards
– reduce deployment complexity with crowdstrike’s real time response
– save valuable time with customizable dashboards and queries
– use the cloud for processing
– leaves minimal trace with dissolvable executable
Incident Response Service to further Speed Incident Investigation
Incident Response Services
The CrowdStrike IR team takes an intelligence-led, teamwork approach that blends real-world IR and remediation experience with cutting-edge technology, leveraging the unique CrowdStrike Falcon® cloud-native platform
Incident Response for Remote Workers
Join CrowdStrike Director of Professional Services James Perry as he discusses the heightened security challenges organizations are facing as they adjust to a remote workforce model.
Endpoint Recovery Services
CrowdStrike Endpoint Recovery Services delivers the right combination of technology, intelligence and expertise to assist you with the detection, analysis and remediation of known security incidents and enable rapid recovery with zero business interruption.
Customers That Trust CrowdStrike
Tested and proven leader
CrowdStrike is proud to be recognized a leader by industry analyst and independent testing organizations.
“CROWDSTRIKE DOMINATES IN EDR…”
Read the report to see why CrowdStrike was Named a “Leader” in Forrester Wave for Endpoint Detection and Response Providers, Q2 2022.
Named a Leader
See why CrowdStrike was named a “Leader” in the IDC MarketScape: Worldwide Modern Endpoint Security for Enterprise 2021 Vendor Assessment report.
Since 2016, CrowdStrike has demonstrated a strong commitment to continuous industry collaboration, scrutiny, and testing. Time and time again, CrowdStrike has been independently certified to replace legacy solutions.