eDetector is an endpoint digital evidence collection system. It aims to perform artifact collection and program analysis with minimal impact on the target's operation while the target is running. The artifacts collected include server history, recently opened files, USB usage history, program execution artifacts, and more. Together with the $MFT file and keyword search, the IR team can identify suspicious sources and preserve related evidence for further analysis.

eDetector can also detect programs' behavioral artifacts in memory, including code injection, hidden programs, core interception, connection history, and more. Through behavioral analysis, eDetector is able to raise alerts and map program connections, spotting hidden threats in time for users to respond to different kinds of attacks.