Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Where are memdumps stored on Carbon Black Response server after Live Response session

Where are memdumps stored on Carbon Black Response server after Live Response session

Version

All

Topic

After performing a Live Response / GoLive session and requesting a memdump, they are uploaded automatically to your Carbon Black Response server.

Q/A

Question 1

When the memdumps are uploaded to your Carbon Black Response server, where are they stored?

Answer

Each Live Response session will create a new subfolder in the following directory:

/var/cb/data/live-response/sessions

This is the directory, as long as you have /var/cb/data as the DatastoreRootDir, which is what it is by default. If you have moved this, check the new location for the /live-response/sessions directory.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎12-06-2016
Views:
899
Contributors