Automated Forensic Analysis

No question or IOC needed, hunting from nothing 

Automatically detects all types of threats and potential risks

Automatic security posture measurement

Automatic behavior analysis of suspicious files/URLs

Fully automated with FW/IPS/SIEM/EDR alerting systems

Easy to Understand

Designed for easy drill-down to the details

Lists key indicators (ATT&CK) with links to MITRE's articles

Executive view with a clear priority list from the triage result

Hunting results displayed on AlienVault

Support on-premise and cloud deployment

Powerful

Detects APT, ransomware, backdoors, rootkits and hidden downloaders

Detects unusual network connections

Uncovers past abnormal activities

Discovers potential risks from misconfiguration

Easy to Use

Point and click ad-hoc threat hunting, online/offline

Input FW/IPS logs to start hunting on all alerted systems 

Script to start hunting from SIEM or EDR (Cylance) events

Can be scheduled for proactive hunting/health checking periodically

TXHunter

Performs Endpoint Forensic Investigations Remotely

TXHunter provides an easy-to-use and convenient tool for conducting threat incident investigations remotely. If any endpoint system or server is suspected of having been attacked, TXHunter can simply take a snapshot of the suspicious system and automatically conduct an incident investigation. If the investigation process identifies suspicious files or URL links, it will automatically launch the TXSandbox for a behavior analysis.

One of the key benefits of TXHunter is that it reduces the skill level required to do advanced attack and malware analysis, speeds up the analysis process and helps identify advanced threats which can bypass the core defenses.

HOW DOES IT WORK?

Step 1 – Download the disposable one-time agent and run it on the target system

Step 2 – Collect data from the system and send it to the TXHunter server

Step 3 – Run forensic analysis on the collected data; the server may request additional suspect objects from the target system

Step 4 – Generate a report that includes verdicts and a security posture measurement

WHAT DOES TXHUNTER COLLECT?

TXHunter automatically collects system, process, network, autorun, event, policy, file, and kernel information from the system being investigated. This data is analyzed for suspect activities and any associated file objects found are uploaded to the server for full dynamic analysis.

DEPLOYMENT

TXHunter supports flexible on-premise deployments for maximum data protection and confidentiality, where the only external communications used are queries to customer-configurable external threat intelligence sources. Private and public cloud hosting options, such as AWS, are also available. It doesn’t require Microsoft Windows licenses, which can save considerable costs for large deployments.
