Memory/MFT Dumper

Perform deep forensics at scale using automated memory dumps.

Automate memory dumps at scale

LimaCharlie automates the collection and processing of memory dumps at scale. The Dumper service facilitates the export of various forensic artifacts on Windows hosts. It offers a single 'dump' action with multiple target options. You can choose to 'dump memory' to capture the host's memory or 'dump MFT' to export the filesystem's Master File Table to CSV.

The service efficiently manages the ingestion of these dumps and their associated metadata into LimaCharlie's artifact storage. From there, you can easily download or analyze the data and create Detection and Response (D&R) rules that automatically identify characteristics within these dumps. LimaCharlie streamlines your forensic workflow, making it more efficient and straightforward.

