Provides incident responders with a single solution to analyze large quantities of data, both historically and in real time, to uncover the information needed to triage an incident.
Identify attacker activity quickly with several preset dashboards to serve up specific information around an incident.
See trends for the past 24 hours with the Deployment Status Dashboard.
Examine a high-level view of telemetry within a single system with the Host Info Dashboard.
Use the Windows Hunting Leads to quickly identify potential misconfigurations and hacker activity with preset panel groupings.
Gather and analyze multiple artifacts for a single system and timeframe in the Host Timeline Dashboard. Use this dashboard to get a visual representation of artifacts for a specific timeline of events.
Augment expertise with full threat context
Automate data collection and eliminate lengthy queries with a convenient console to view relevant artifacts pertaining to your research.
Enrich forensic data automatically by correlating collected artifacts with intelligence data streams.
Track attacker activity by analyzing the Master File Table (MFT), shim cache, shellbags, and other artifacts within your organization.
Utilize query capabilities within preset dashboards to zero in on specific attacker activity.
Uncover attacker activity that may have occurred before Falcon EDR monitoring began.
Eliminate complex processes
Manage large-scale deployments with ease. Deploy Falcon Forensics at any scale, from tens to hundreds of thousands of endpoints.
Utilize CrowdStrike Real Time Response for fast deployment and decisive remediation.
Robust artifact collection types
Falcon Forensics collects a comprehensive set of artifact types to support incident response teams' investigations. Data types include: directory and file metadata, file hashes, network data, detailed process listings, enumeration of services and drivers, environment variables, scheduled tasks, and user and group information.