Comae allows IR professionals to diagnose cyber-attacks quickly and efficiently through memory analysis—an area that’s valuable to enterprises and police agencies as they respond to increases in the volume and complexity of cyber incidents.
If you’re already an approved Magnet Idea Lab member, here’s how you can get started with Comae.
Step 1: Register
To analyze dumps, an account must first be registered on the Comae platform. Each user must be registered under the same email as their Magnet Idea Lab email account.
Step 2: Download DumpIt via Download Toolkit
Step 3: Run DumpIt
Extract the toolkit zip file and run DumpIt.exe.
Press “y” to start the acquisition.
When the acquisition is finished, you will have a .dmp file in the same folder.
Step 5: Upload your Snapshot
Visit https://beta.comae.tech and upload your .dmp snapshot by navigating to the folder where the .dmp file was saved.
Step 6: Automatically Process your Uploaded Snapshot
When your snapshot has finished uploading, you will see it processed automatically in the “Latest Snapshots” section at the bottom.
Step 7: Review your results
Click the snapshot in the bottom pane. This will take you to the results view where you can review Processes, Drivers, Syscalls, Objects, Registry and Callbacks within the memory snapshot.
And that’s how you get started with Comae! We hope you find it valuable in your memory analysis. If you have any questions, please feel free to reach out to us here. To learn more about getting started with Comae, check out this post from the Comae Knowledge Base.
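A check worth running between Step 3 and Step 5 is to record the snapshot's size, header and SHA-256 before it leaves the acquisition host, so the uploaded copy can later be tied back to the original. The script below is an added example, not part of the Comae toolkit; the folder path is hypothetical, and it assumes the .dmp file is in Microsoft crash dump format (signature `PAGEDU64` or `PAGEDUMP`).

```powershell
# Added example: integrity record for a DumpIt snapshot before upload.
# Assumption: the toolkit zip was extracted to the folder below (hypothetical path).
param(
    [string]$ToolkitDir = 'C:\Cases\toolkit'
)

$ErrorActionPreference = 'Stop'

# Pick the most recently written .dmp file in the toolkit folder.
$dump = Get-ChildItem -Path $ToolkitDir -Filter '*.dmp' -File |
    Sort-Object LastWriteTimeUtc -Descending |
    Select-Object -First 1
if (-not $dump) { throw "No .dmp file found in $ToolkitDir" }
if ($dump.Length -lt 8) { throw "$($dump.Name) is too small to be a memory snapshot" }

# Read the first 8 bytes and compare them with the crash dump signatures.
$stream = [System.IO.File]::OpenRead($dump.FullName)
try {
    $header = New-Object byte[] 8
    [void]$stream.Read($header, 0, 8)
} finally {
    $stream.Dispose()
}
$signature = [System.Text.Encoding]::ASCII.GetString($header)
$format = switch -CaseSensitive ($signature) {
    'PAGEDU64' { '64-bit crash dump' }
    'PAGEDUMP' { '32-bit crash dump' }
    default    { 'unrecognized' }
}
if ($format -eq 'unrecognized') {
    Write-Warning "$($dump.Name) does not start with a crash dump signature; check the acquisition."
}

# Hash the snapshot and write a sidecar record next to it.
$hash = Get-FileHash -Path $dump.FullName -Algorithm SHA256
$record = [pscustomobject]@{
    File         = $dump.Name
    SizeBytes    = $dump.Length
    Format       = $format
    SHA256       = $hash.Hash
    LastWriteUtc = $dump.LastWriteTimeUtc.ToString('o')
    Host         = $env:COMPUTERNAME
    Examiner     = $env:USERNAME
}
$record | ConvertTo-Json | Set-Content -Path "$($dump.FullName).sha256.json" -Encoding UTF8
$record
```

Keep the generated `.sha256.json` file with the case notes; re-running `Get-FileHash` on any later copy of the snapshot should return the same value.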