drop Sysmon EVTX CSV, Security EVTX CSV and a registry export · detect debugger processes attaching to target processes · identify IFEO Debugger key abuse · surface anti-forensic debugger use and process redirection · runs locally only
heuristic screener · vendor CSV schema varies · findings are leads, not definitive proof
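As an added example, not the tool's own code: a minimal version of the IFEO Debugger screen in Python. The registry export and Sysmon CSV are constructed samples, and the Sysmon column names (EventID, Image, TargetObject) are an assumption, since export schemas vary by converter.

```python
import csv
import io
import re

IFEO_MARK = "\\Image File Execution Options\\"
# Debuggers commonly installed on purpose; any other Debugger value is a lead.
KNOWN_DEBUGGERS = {"windbg.exe", "ntsd.exe", "cdb.exe", "vsjitdebugger.exe"}

# Constructed .reg export: one entry pointing at a real debugger, one redirecting
# a target executable to an unrelated program (no real host data).
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Debuggers\\windbg.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-target.exe]
"Debugger"="C:\\Users\\Public\\redirect.exe"
"""

# Constructed Sysmon CSV; column names assumed. Event 13 = registry value set.
SYSMON_CSV = """EventID,UtcTime,Image,TargetObject,Details
13,2024-01-01 10:00:00,C:\\Windows\\regedit.exe,HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\example-target.exe\\Debugger,C:\\Users\\Public\\redirect.exe
1,2024-01-01 10:01:00,C:\\Users\\Public\\redirect.exe,,
"""

def parse_ifeo_debuggers(reg_text):
    """Return {target_exe: debugger_value} for every IFEO key in a .reg export."""
    found, target = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key, target = line[1:-1], None
            if IFEO_MARK in key:  # only the direct per-image key, not subkeys
                rest = key.split(IFEO_MARK, 1)[1]
                target = rest.lower() if "\\" not in rest else None
            continue
        m = re.match(r'^"Debugger"="(.*)"$', line)
        if target and m:  # .reg escapes backslashes as "\\"
            found[target] = m.group(1).replace("\\\\", "\\")
    return found

def sysmon_debugger_setters(csv_text):
    """Map target_exe -> process image that wrote its IFEO Debugger value."""
    setters = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        obj = row.get("TargetObject", "")
        if row.get("EventID") == "13" and IFEO_MARK in obj and obj.lower().endswith("\\debugger"):
            setters[obj.split(IFEO_MARK, 1)[1].split("\\")[0].lower()] = row.get("Image", "")
    return setters

def screen_ifeo(reg_text, csv_text):
    """Flag Debugger values not naming a known debugger; attach the writer if Sysmon saw it."""
    setters, findings = sysmon_debugger_setters(csv_text), []
    for target, dbg in parse_ifeo_debuggers(reg_text).items():
        exe = dbg.strip('"').split()[0].rsplit("\\", 1)[-1].lower()
        if exe not in KNOWN_DEBUGGERS:
            findings.append({"target": target, "debugger": dbg, "set_by": setters.get(target)})
    return findings
```

A hit here only means the Debugger value is not on the short allowlist; the Sysmon writer image, when present, is what turns the lead into something worth pulling the full timeline for.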