A while back, I discussed how memory could be used as an ultimate form of the log, as long as the analysis workflow and process are smooth. This blog post will start by explaining the blind spots created by event-driven detection solutions such as Endpoint Detection & Response (EDR), and how these blind spots can be balanced by using Comae DumpIt + Stardust as part of an incident response & compromise assessment strategy.