drop security evtx csv and sysmon evtx csv · detect credential dumping from memory · identify lsass access patterns · surface mimikatz and other credential dumper indicators · runs locally
drop security · sysmon · system evtx csv
sysmon 10 · security 4656/4663/4688 — evtxecmd export