Forensic Data Types
When a security event occurs on an endpoint, Traps can collect the following information:
Forensic Data Type | Description |
---|---|
Memory Dump | Contents of memory locations captured at the time of an event. |
Accessed Files | Files that are loaded in memory under the attacked process, for in-depth event inspection, including: |
Loaded Modules | PE image files that are loaded on the system at the time of a security event. |
Accessed URI | Network resources that were accessed at the time of the security event and uniform resource identifier (URI) information. The Traps agent can collect accessed URI data from Internet Explorer and Firefox browsers only. When an event is related to another browser (for example, Microsoft Edge), no URI data is available for further analysis. Collected information includes: |
Ancestor Processes | Information about ancestor processes (from browsers, non-browsers, and Java applet child processes) at the time of a security event, including: |
To customize which types of files are collected, create a Forensics Rule.