Falcon Forensics

CrowdStrike’s Falcon® Forensics streamlines the collection of point-in-time and historic forensic triage data for robust analysis of cybersecurity incidents. Responders can quickly identify relevant data with preset dashboards to speed investigation.

Benefits

The Single Solution for Collecting and Analyzing Detailed Forensic Data

  • Simplify forensic data collection and analysis

    Falcon Forensics offers comprehensive data collection while performing triage analysis during an investigation. Forensic security often entails lengthy searches with numerous tools. Simplify your collection and analysis to one solution to speed triage.

  • Accelerate triage analysis with preset dashboards

    With Falcon Forensics, incident responders can investigate faster, conduct compromise assessments, and carry out threat hunting and monitoring. Pre-built dashboards, easy search, and data-viewing capabilities let analysts quickly search vast amounts of data, including historical artifacts.

  • Speed response time and hone in on attacker activity

    Falcon Forensics automates data collection and provides detailed information around an incident. Responders can tap into full threat context without lengthy queries or full disk image collections.

Features

How Falcon Forensics Works

Extended Visibility with Preset Dashboards

  • Provides incident responders a single solution for analyzing large quantities of data, both historical and real-time, to uncover the information needed to triage an incident.
  • Identify attacker activity quickly with several preset dashboards to serve up specific information around an incident.
  • See trends for the past 24 hours with the Deployment Status Dashboard.
  • Examine a high-level view of telemetry within a single system with the Host Info Dashboard.
  • Use the Quick Wins Dashboard to quickly identify potential misconfigurations and hacker activity with preset panel groupings.
  • Gather and analyze multiple artifacts for a single system and timeframe in the Host Timeline Dashboard. Use this dashboard to get a visual representation of artifacts for a specific timeline of events.

Augment Expertise with Full Threat Context

  • Automate data collection and eliminate lengthy queries with a convenient console to view relevant artifacts pertaining to your research.
  • Track attacker activity by analyzing the Master File Table (MFT), shim cache, shellbags, and other artifacts within your organization.
  • Utilize query capabilities within preset dashboards to zero in on specific attacker activity.
  • Uncover attacker activity that may have occurred before Falcon EDR monitoring.

How Falcon Forensics Streamlines Forensic Cybersecurity

Eliminate Complex Processes

  • Manage large-scale deployments with ease. Deploy Falcon Forensics at any scale, from tens to hundreds of thousands of endpoints.
  • Leverage the CrowdStrike Cloud for processing.
  • Utilize CrowdStrike Real Time Response for fast deployment.

Robust Artifact Collection Types

Falcon Forensics collects a comprehensive set of artifact types to support incident response teams’ investigations. Data types include:

  • Directory and file metadata
  • File hashes
  • Network data
  • Detailed process listings
  • Services and drivers enumeration
  • Environment variables
  • Scheduled tasks
  • Users and groups information
  • Event log information
  • Registry information
  • Process execution artifacts
  • Common persistence mechanisms

Why Falcon Forensics

Eliminate sprawling toolsets and clunky forensic security solutions once and for all. Falcon Forensics simplifies forensic data collection and analysis, giving IR teams a single, robust solution to triage incidents fast. How? Read below:
– Simplify forensic data collection and analysis in one single solution
– Accelerate triage analysis with preset dashboards
– Reduce deployment complexity with CrowdStrike’s Real Time Response
– Save valuable time with customizable dashboards and queries
– Use the cloud for processing
– Leave minimal trace with a dissolvable executable

Additional Solutions

Incident Response Service to further Speed Incident Investigation

  • Incident Response Services

    The CrowdStrike IR team takes an intelligence-led, teamwork approach that blends real-world IR and remediation experience with cutting-edge technology, leveraging the unique CrowdStrike Falcon cloud-native platform.

  • Incident Response for Remote Workers

    Join CrowdStrike Director of Professional Services James Perry as he discusses the heightened security challenges organizations are facing as they adjust to a remote workforce model.

  • Endpoint Recovery Services

    CrowdStrike Endpoint Recovery Services delivers the right combination of technology, intelligence and expertise to assist you with the detection, analysis and remediation of known security incidents and enable rapid recovery with zero business interruption.

Product Validation

Customers That CrowdStrike

Third-Party Validation

Since 2016, CrowdStrike has demonstrated a strong commitment to continuous industry collaboration, scrutiny, and testing. Time and time again, CrowdStrike has been independently certified to replace legacy solutions.

  • Positioned as a Leader

    Download this complimentary report to learn the analysis behind CrowdStrike’s positioning as a Leader and what CrowdStrike believes it could mean for your organization’s cybersecurity posture.

  • Forrester Total Economic Impact

    Falcon OverWatch helps organizations reduce risks and improve efficiencies, resulting in 316% ROI.

  • Highest Score for Type A

    Learn why CrowdStrike scores highest overall out of 20 vendors for use case Type A or “forward leaning” organizations.
