TXHunter makes memory dumps and analysis easy

TXHunter makes taking a memory dump easy and fast. Log in to the TXHunter portal, go to the investigation center, type the memory dump command, specify the path where you want to store the memory dump, and hit the execute button to run it. You will see a raw memory dump file in the folder you specified. You can then copy the memory dump file out, or, if you specify FTP information on the remote command line, the memory dump file will be automatically uploaded to the given FTP site and the local copy will be deleted.

After obtaining the memory dump file, you can analyze it with a memory analysis tool such as the Microsoft debug tool, Volatility from GitHub, or another memory analysis tool.

You can also go to TXCopilot on the TXHunter portal, list all managed agents, find the computer you want to dump memory from, then talk to that computer and ask it to dump memory. The computer will dump the memory automatically and upload the memory dump file to the TXHunter backend. TXCopilot will then analyze the memory dump and list all running processes, network connections, registries, command lines with program names and parameters, etc. You will know exactly what was going on when the attack happened.

The following video shows the details: