drop security evtx csv and registry export · detect safe boot configuration changes · identify services added to safe boot mode bypassing security software · surface safe boot abuse for anti-forensic purposes · runs locally
evtx / registry
drop security evtx csv or registry export (multi-file)
safeboot\minimal + network inventory · 4657 registry mods · bcdedit safeboot 4688 · ~200 service whitelist