FIRST RESPONSE AGENT AND COMMAND CONSOLE

 
     
FIRST RESPONSE AGENT FEATURES
  • Gathering of critical system information, including:
    • System configuration, including OS, patch level, date/time settings, MAC address, processor identification, and uptime
    • File listings
    • System registry
    • Running processes
    • Available services and status
    • Event logs
    • Open network ports and their associated processes/image paths
    • Scheduled tasks
  • Gather system information locally via the Agent or install it as a service and retrieve information via network connections from the Console
  • Data acquisition pre-filtering: minimize the collected data set to identify specific problems and make network acquisition more efficient
  • Data gathered and stored as compressed XML

COMMAND CONSOLE FEATURES

  • View data from multiple audits and multiple systems
  • “Precision Strike” Forensics: launch audits on deployed Agents and acquire data interactively in real-time using filters to get only what you need
  • Tabbed interface for review and flagging of data acquired from deployed Agents, including:
    • Column-formatted, sortable views for all audit data
    • Multiple customizable flags for use in your review process
    • Multi-format display of registry key payloads to assist in searches for hidden information
    • Detailed event view for every gathered data item
    • Analyst notes
  • Interactive and automatic report generation

SYSTEM REQUIREMENTS

Agent:

  • Windows 2000 or higher
  • 400MHz Celeron or better
  • 256MB RAM

Console:

  • Windows XP
  • 1GHz Pentium 4 or better
  • 1GB RAM

 
