When a security event occurs on an endpoint, Traps can
collect the following information:
Forensic Data Type
- Contents of memory locations captured at the time of an event.
- Files that are loaded in memory under the attacked process for in-depth event inspection including:
  - DLL retrieval including their path
  - Relevant files from Temporary Internet Files folder
  - Open files (executables and non-executables)
- PE image files that are loaded on the system at the time of a security event.
- Network resources that were accessed at the time of the security event and uniform resource identifier (URI)
  The Traps agent can collect accessed URI from Internet Explorer and Firefox browsers only. When an event occurs that is related to other browsers (for example, Microsoft Edge), you will not be able to access URI data for further analysis.
  - URIs including hidden links and frames of the relevant attacked threads.
  - Java applet source URIs, filenames and paths, including parents, grandparents, and child processes
  - Collection of URI calls from browser plug-ins, media players, and mail-client software
- Information about ancestry processes—from browsers, non-browsers, and Java applet child processes—at the time of a security event including:
  - Separate sources and destinations for Thread Injection