MultiMon: Advanced System Monitoring DFIR Suite
System monitoring is a crucial layer in forensic investigations, especially when testing malicious software to observe what changes occur before and after execution. We’ve already discussed several tools, but MultiMon is different from the others we’ve mentioned so far.
You might wonder why? Let me explain.
Unlike other tools that focus primarily on monitoring registry and file changes, MultiMon offers much more comprehensive monitoring. It not only tracks registry and file changes but also provides in-depth monitoring of:
- System Objects
- Devices
- File Systems
These additional capabilities are critical for forensic investigators and researchers. They enable the identification of new evidence related to malware execution, such as:
- Files Created, Deleted, or Modified
- System Calls (e.g., Read/Write operations)
- Device and Object Interactions
By capturing these granular details, MultiMon provides a more complete picture of the malware's behavior, making it an essential tool for identifying hidden artifacts and documenting the full scope of an attack.
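The before/after comparison the post describes can be shown in miniature with a file-system snapshot diff. This is an added example written for this page, not MultiMon's own code (the post shows none): it records the size and SHA-256 of every file under a root, then reports what was created, deleted, or modified between two snapshots. The scenario in `demo()` is constructed in a temporary directory to stand in for a sample's effects; the file names and contents are invented for illustration.

```python
"""Before/after file-system snapshot diff, the core idea behind change-monitoring tools."""
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class FileState:
    size: int
    sha256: str


def snapshot(root: Path) -> dict[str, FileState]:
    """Record size and SHA-256 of every regular file under root, keyed by POSIX-style relative path."""
    state: dict[str, FileState] = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        state[path.relative_to(root).as_posix()] = FileState(path.stat().st_size, digest)
    return state


def diff_snapshots(before: dict[str, FileState], after: dict[str, FileState]) -> dict[str, list[str]]:
    """Classify paths as created, deleted, or modified. Hash comparison catches
    same-size edits that a size-only check would miss."""
    created = sorted(set(after) - set(before))
    deleted = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"created": created, "deleted": deleted, "modified": modified}


def demo() -> dict[str, list[str]]:
    """Constructed scenario (not a real sample): simulate a program that drops,
    edits, and removes files, and diff the two snapshots around it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config.ini").write_text("level=1\n")
        (root / "readme.txt").write_text("hello\n")
        (root / "logs").mkdir()
        (root / "logs" / "old.log").write_text("x\n")
        before = snapshot(root)

        # Simulated execution effects (constructed for the example):
        (root / "config.ini").write_text("level=2\n")      # modified, same size
        (root / "dropper.tmp").write_bytes(b"\x00" * 16)   # created
        (root / "logs" / "old.log").unlink()                # deleted

        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The `config.ini` edit keeps the file the same length, which is why the snapshot stores a content hash rather than relying on size or timestamps; a real monitor like the one described above also sees the registry, object, and device activity that a passive file diff cannot.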