New Features

How to Get Started With Comae

We’re excited to introduce Comae to Magnet Idea Lab—giving you a chance to beta test the solution and give us valuable feedback!

Comae allows IR professionals to diagnose cyber-attacks quickly and efficiently through memory analysis—an area that’s valuable to enterprises and police agencies as they respond to increases in the volume and complexity of cyber incidents.

If you’re already an approved Magnet Idea Lab member, here’s how you can get started with Comae.

Step 1: Register

To analyze dumps, an account must first be registered on the Comae platform. Each user must be registered under the same email as their Magnet Idea Lab email account.

The Comae welcome screen

Step 2: Download DumpIt via Download Toolkit

The Download Toolkit link within Comae

Step 3: Run DumpIt

Extract the toolkit zip file and run DumpIt.exe.

How to run DumpIt in the Comae .zip file.

Press “y” to start the acquisition.

Instructions for how to use the command line interface of DumpIt.exe

When the acquisition is finished you will have a .dmp file in the same folder.

Where to find the DumpIt .dmp file after extraction in Comae.

Step 5: Upload your Snapshot

Visit and upload your .dmp file snapshot by navigating to the folder where the dmp was saved.

An example of where to upload a .dmp file snapshot in Comae
A glimpse of what the dialogue box for uploading .dmp snapshots into Comae looks like.

Step 6: Automatically Process your Uploaded Snapshot

When your snapshot is finished uploading you will see it automatically processed in the “Latest Snapshots” section at the bottom.

A look at the upload screen in Comae.
How the latest snapshots and upload area appear in Comae.

Step 7: Review your results

Click the snapshot in the bottom pane. This will take you to the results view where you can review Processes, Drivers, Syscalls, Objects, Registry and Callbacks within the memory snapshot.

A look at where to find your uploaded snapshot in Comae.
The results view in Comae, where you can review Processes, Drivers, Syscalls, Objects, Registry and Callbacks within the memory snapshot.

And that’s how you get started with Comae! We hope you find it valuable in your memory analysis. If you have any questions, please feel free to reach out to us here. To learn more about getting started with Comae, check out this post from the Comae Knowledge Base.

Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

Start modernizing your digital investigations today.