Crash triage and memory forensics¶

Runbooks for investigating crash events and memory artefacts: identifying whether a crash represents an exploitation attempt, analysing core dumps and minidumps for shellcode or ROP chains, and preserving volatile memory for further analysis.