MAGNET DumpIt for Windows & MAGNET DumpIt for Linux: Now Available
We are excited to announce that MAGNET DumpIt for Windows is now available as a Magnet Forensics free tool (previously available as part of the Comae Platform beta via the Magnet Idea Lab). We are licensing MAGNET DumpIt for Linux as an open-source tool, and as such you can find it on GitHub.
These memory acquisition tools are designed to be very fast and interoperable: they work with existing troubleshooting tools such as Windows WinDbg, drgn or crash, and also with our memory analysis platform, Comae, allowing you to perform detailed memory analysis, threat hunting and detection playbooks.
Memory analysis is an extremely powerful practice for incident response and network forensics. Even after malicious code has been removed from the system, evidence of malicious activity can be found through memory analysis, assuming a corporate environment has an archiving strategy for memory images.
MAGNET DumpIt For Windows is Now a Magnet Forensics Free Tool
You can now download MAGNET DumpIt for Windows, a free tool that generates full-memory Microsoft crash dumps, from the Magnet Forensics Free Tools page. MAGNET DumpIt for Windows is part of the Comae Memory Toolkit, which includes support for the x86, x64 and ARM64 architectures. DumpIt runs in kernel mode, and the dumps can be analyzed by the Comae Platform and by tools supporting the Microsoft crash dump format, such as Microsoft WinDbg. Additionally, DumpIt comes with a PowerShell interface that is documented on the Comae Knowledge Base.
MAGNET DumpIt For Linux is Now Available on GitHub
We have also released an open-source version of MAGNET DumpIt for Linux, written in Rust, on GitHub. This version leverages /proc/kcore to read memory and writes the dump as an ELF core dump file, avoiding the need for a new format. The resulting dump can be analyzed with gdb, crash and drgn. Additionally, DumpIt can write a compressed zst archive (Zstandard is a fast streaming compression algorithm), making it easier to acquire large memory images. In archive mode, DumpIt also has the ability to collect additional files from /proc/.
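As an added example (not code from Magnet's DumpIt for Linux), the following Python walks the ELF64 program headers that /proc/kcore exposes and lists the PT_LOAD segments that an acquisition tool copies into its ELF core dump. The embedded header is a constructed sample; the only assumed path is /proc/kcore on a live Linux host, which requires root to open.

```python
import io
import struct

PT_LOAD, PT_NOTE, ET_CORE = 1, 4, 4
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # 64-byte ELF64 file header
PHDR = struct.Struct("<IIQQQQQQ")          # 56-byte ELF64 program header


def load_segments(f):
    """Return (vaddr, paddr, file_offset, size) for each PT_LOAD segment of an
    ELF64 core image. On a live Linux host, f = open('/proc/kcore', 'rb') as
    root gives the kernel's own ELF view of RAM; an acquisition tool copies
    exactly these segments into its output dump."""
    ehdr = f.read(EHDR.size)
    if len(ehdr) != EHDR.size:
        raise ValueError("short ELF header")
    (ident, e_type, _mach, _ver, _entry, phoff, _shoff, _flags, _ehsize,
     phentsize, phnum, _shentsize, _shnum, _shstrndx) = EHDR.unpack(ehdr)
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    if e_type != ET_CORE:
        raise ValueError("not an ELF core file")
    f.seek(phoff)
    segs = []
    for _ in range(phnum):
        ph = f.read(phentsize)
        if len(ph) < PHDR.size:
            raise ValueError("truncated program header table")
        p_type, _pflags, p_off, p_vaddr, p_paddr, p_filesz, _, _ = PHDR.unpack(ph[:PHDR.size])
        if p_type == PT_LOAD:
            segs.append((p_vaddr, p_paddr, p_off, p_filesz))
    return segs


def segments_from_bytes(data):
    """Same as load_segments, for an in-memory image."""
    return load_segments(io.BytesIO(data))


def sample_kcore_header():
    """Constructed ELF64 core header (not a real capture): one PT_NOTE and two
    PT_LOAD entries shaped like /proc/kcore's direct-map vaddr / physical paddr."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    phdrs = [(PT_NOTE, 0, 0x1000, 0, 0, 0x100, 0, 0),
             (PT_LOAD, 6, 0x2000, 0xffff888000000000, 0x0, 0x100000, 0x100000, 0x1000),
             (PT_LOAD, 6, 0x102000, 0xffff888100000000, 0x100000000, 0x40000, 0x40000, 0x1000)]
    ehdr = EHDR.pack(ident, ET_CORE, 0x3e, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(PHDR.pack(*p) for p in phdrs)
```

Calling `segments_from_bytes(sample_kcore_header())` returns the two PT_LOAD segments; pointing `load_segments` at an open /proc/kcore on a real host lists the physical RAM ranges that a dump would need to copy.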
By releasing memory analysis tools as free and open-source tools, we hope to help the community adopt best practices for memory analysis, threat hunting and collaboration. By using the right memory analysis tools and formats, such as MAGNET DumpIt and the Comae Platform, malicious activity and malicious code that would otherwise be inaccessible to traditional EDR solutions can be uncovered.
Learn More About Memory Analysis
To learn more about the importance of crash dumps vs. raw dumps for memory analysis (plus a brief history of memory analysis and DumpIt!), check out Matt Suiche’s blog post here.
To learn more about how Magnet Forensics can help you and your incident responders quickly uncover and report on the root cause of cyber security incidents, visit our incident response page for more resources.