Scenario: We demonstrate Tachyon integration with a number of forensic frameworks, including the Rekall memory forensic framework. We retrieve the running processes and note that terminated processes are also listed, a capability that is not available through conventional Win32 or WMI queries. We then demonstrate the retrieval of loaded DLLs and their association with processes, again using in-memory forensics. Other frameworks are also demonstrated, including the Windows 10 SRU database, the OSQuery subsystem and the FTK Imager toolset.