Forum Discussion
Windows Defender ATP - Memory Dump
No I won't be at Inspire this year - skipping just one of all the conferences we have ;) But we have great staff there supporting the Windows Security booth.
Your feedback is taken and I will add a +1 to the list of "customers/partners asking for memory dumps"
MicrosoftHi Mats,
we are looking into providing this option. You know that with our latest update we enhanced our sensors with detection capabilities for in-memory and kernel based attacks? Regarding memory dump we received mixed feedback from customers (network bandwith, lack of expertise to analyse those, time consuming...) but I would love to hear your scenario, also do you have branch offices and would you collect dumps from those machines too?
Hi Heike,
Nice talking to you again! Will you come to Inspire? Maybe we can talk on the subject then aswell?
Anyhow, its one feature we see that our customers want. Even if they arent able to do the forensics of the dump, hopefully their IR-partner is able to! ;)
And yes, its requested for Branch Offices aswell. :)
- HeikeRitter
No I won't be at Inspire this year - skipping just one of all the conferences we have ;) But we have great staff there supporting the Windows Security booth.
Your feedback is taken and I will add a +1 to the list of "customers/partners asking for memory dumps"
We very recently went thru Third Party Forensic effort and Memory dump capability is highly required.
… and once the memory dump is acquired , it would be great if the dump could be analyzed directly in the cloud by (just going crazy here) the dump is loaded into a temporary container where for example the Volatility framework is loaded, this so that I don't have to download the dump to my machine.
Cheers
Alex
