A common scenario for SOCs and IR teams is being handed a piece of evidence and asked to “Find Evil.” Those on the receiving end know this to be a broad ask. If there is a known good image to compare things to, the process may be easier, but not all organizations have a gold build available for comparison.
Tag: Magnet RESPONSE
Enterprise customers running Microsoft Defender for Endpoint have a lot of capabilities at their fingertips. This includes the Live Response console, a limited command shell to interact with managed Defender assets online.
Magnet RESPONSE is a free tool that lets investigators and non-technical users easily collect and preserve critical data relevant to incident response investigations from local endpoints. A pre-set collection profile enables you to target a comprehensive set of files and data relevant to incident response investigations, including RAM.
If you’re not familiar with infostealer malware—a type of malware specifically designed to locate and exfiltrate credentials—consider yourself lucky. And consider being prepared.
We’re proud to offer a brand-new free tool for your toolkit, Magnet RESPONSE for incident response investigations!
Learn how to get started with Magnet RESPONSE, an evidence collection and preservation tool, targeted towards incident response (IR) cases.