During a recent investigation our team came across a situation where we needed to take a forensic image of a device on our network. Prior to taking the image, we had hoped to utilize Live Terminal in order to remotely capture a memory dump to get a head start on our investigation. Unfortunately, we ran into several limitations including the file size limitation for downloading files via Live Terminal (500 MB I believe). From an analysis and response perspective, it would be ideal if the XDR Agent had the ability to capture memory dumps on its own. Secondarily, it would also be nice to increase or have the file download option adjustable.
The only way around the limitation would be to develop a customized script and upload it to the XDR script repository within the action center. Has anyone else within the community came across this scenario or have a better idea? Any other suggestions would be appreciated! Thanks in advance.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!