Dumper
  • 10 Feb 2023
  This documentation version is deprecated, please click here for the latest version.


The Dumper service dumps several kinds of forensic artifacts from Windows hosts.

It supports a single action, dump, and multiple targets: memory, which dumps the memory of the host, and mft, which dumps the MFT of the filesystem to CSV.

The service then automates ingestion of the resulting dump and its metadata into LimaCharlie's artifact storage (the Artifact Collection page), where the dump can be downloaded or analyzed, and where you can create D&R rules to automatically detect characteristics of those dumps.

REST

Dumping

{
  "sid": "70b69f23-b889-4f14-a2b5-633f777b0079",
  "target": "memory",
  "retention": 7,
  "ignore_cert": false
}
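Added example, not code from the page or from LimaCharlie: a small Python helper that builds and validates a request body with the fields shown above before it is sent. The validation rules (sid must be UUID-shaped, target must be one of the two documented targets, retention must be a positive integer, ignore_cert must be a boolean) are assumptions; the page does not state them. The reading of ignore_cert as "skip TLS certificate verification" is also an assumption taken from the field name, which is why the helper refuses it unless explicitly allowed. The API endpoint and authentication are not on the page and are not shown.

```python
import json
import uuid

# The two targets documented on the page: host memory, and the MFT exported to CSV.
VALID_TARGETS = ("memory", "mft")


def build_dump_request(sid, target, retention=7, ignore_cert=False, allow_insecure=False):
    """Build and validate the JSON body for a Dumper 'dump' request.

    The field set mirrors the page's example body. The validation rules
    and the allow_insecure guard are this example's assumptions, not
    documented behaviour of the service.
    """
    # sid: assumed to be a UUID; normalise to the canonical lowercase form.
    try:
        sid_norm = str(uuid.UUID(str(sid)))
    except ValueError as exc:
        raise ValueError(f"sid must be a UUID, got {sid!r}") from exc

    # target: only the two targets the page lists are accepted.
    if target not in VALID_TARGETS:
        raise ValueError(f"target must be one of {VALID_TARGETS}, got {target!r}")

    # retention: assumed to be a positive integer (bool is excluded explicitly,
    # because bool is a subclass of int in Python).
    if isinstance(retention, bool) or not isinstance(retention, int) or retention <= 0:
        raise ValueError(f"retention must be a positive integer, got {retention!r}")

    if not isinstance(ignore_cert, bool):
        raise ValueError(f"ignore_cert must be a boolean, got {ignore_cert!r}")

    # Assumption: ignore_cert=True disables certificate verification on the
    # upload path. Require an explicit opt-in so it is never set by accident.
    if ignore_cert and not allow_insecure:
        raise ValueError("ignore_cert=True disables certificate checks; pass allow_insecure=True to confirm")

    return {
        "sid": sid_norm,
        "target": target,
        "retention": retention,
        "ignore_cert": ignore_cert,
    }


def is_valid_request(sid, target, retention=7, ignore_cert=False, allow_insecure=False):
    """Boolean wrapper around build_dump_request for callers that only need a yes/no."""
    try:
        build_dump_request(sid, target, retention, ignore_cert, allow_insecure)
        return True
    except ValueError:
        return False


def to_json(body):
    """Serialise the validated body exactly as it would be sent."""
    return json.dumps(body, indent=2)


if __name__ == "__main__":
    # Sample sid is the one from the page's example body.
    print(to_json(build_dump_request("70b69f23-b889-4f14-a2b5-633f777b0079", "memory")))
```

The only field that carries a security decision here is ignore_cert: leaving it false keeps certificate verification on, so a dump of host memory is not uploaded over a connection whose peer was never verified. The helper therefore treats a request that sets it to true as an error unless the caller has explicitly acknowledged it.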
