Dumper
  • 10 Feb 2023
The Dumper service dumps several kinds of forensic artifacts from Windows hosts.

It supports a single action, dump, and multiple targets: memory dumps the memory of the host, and mft dumps the MFT of the filesystem to CSV.

The service then automates ingestion of the resulting dump and its metadata into LimaCharlie's artifact storage (the Artifact Collection page), where the dump can be downloaded or analyzed and where you can create D&R rules to automate detection of characteristics of those dumps.

REST

Dumping

{
  "sid": "70b69f23-b889-4f14-a2b5-633f777b0079",
  "target": "memory",
  "retention": 7,
  "ignore_cert": false
}
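The body above is the only part of the request the page documents. The following added example (not LimaCharlie's own client code) validates such a body before sending it: the sid must be a UUID, target must be one of the two documented targets, retention must be a positive integer (assumed here to be a number of days), and ignore_cert must be a real boolean, so that a request can never silently turn off TLS verification with a truthy string. The REST endpoint URL, the bearer-token header and the `opener` hook are assumptions; take the real endpoint and authentication from the LimaCharlie API reference.

```python
import json
import urllib.request
import uuid

# Targets documented for the Dumper service's single "dump" action.
VALID_TARGETS = ("memory", "mft")


def validate_dump_request(body):
    """Return a list of problems with a Dumper request body (empty if valid)."""
    problems = []
    try:
        uuid.UUID(str(body.get("sid", "")))
    except ValueError:
        problems.append("sid must be a sensor UUID")
    if body.get("target") not in VALID_TARGETS:
        problems.append(f"target must be one of {list(VALID_TARGETS)}")
    retention = body.get("retention")
    # bool is a subclass of int, so exclude it explicitly.
    if isinstance(retention, bool) or not isinstance(retention, int) or retention <= 0:
        problems.append("retention must be a positive integer")
    # Require a genuine bool: the string "false" would be truthy and could
    # disable certificate checking by accident.
    if not isinstance(body.get("ignore_cert"), bool):
        problems.append("ignore_cert must be a boolean")
    return problems


def build_dump_request(sid, target, retention=7, ignore_cert=False):
    """Build a Dumper request body, raising ValueError if it would be invalid."""
    body = {
        "sid": str(sid),
        "target": target,
        "retention": retention,
        "ignore_cert": ignore_cert,
    }
    problems = validate_dump_request(body)
    if problems:
        raise ValueError("; ".join(problems))
    return body


def submit_dump(body, endpoint, api_token, opener=urllib.request.urlopen):
    """POST a validated body to the Dumper REST endpoint.

    endpoint and the bearer-token header are assumptions for this example;
    `opener` exists so tests can substitute a fake transport.
    """
    problems = validate_dump_request(body)
    if problems:
        raise ValueError("; ".join(problems))
    req = urllib.request.Request(
        endpoint,
        data=json.dumps(body).encode("utf-8"),
        headers={
            "Content-Type": "application/json",
            "Authorization": f"Bearer {api_token}",
        },
        method="POST",
    )
    with opener(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Sensor id taken from the documented request body above.
    req_body = build_dump_request("70b69f23-b889-4f14-a2b5-633f777b0079", "memory", 7)
    print(json.dumps(req_body, indent=2))
```

Calling `build_dump_request` with a target such as `"registry"` raises ValueError rather than producing a body the service would reject, and `validate_dump_request` can be reused on bodies loaded from a config file before they are sent.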
