Viewing information about an object placed in Storage by a get data task

To view information about an object placed in Storage by Get forensics, Get process memory dump, Get registry key, Get NTFS metafiles tasks:

1. In the program web interface window, select the Storage section, Files subsection.
2. This opens the object table. In the table, select the object with the icon for which you want to view information.

   This opens the object details window.

The window contains the following information:

• Object—File name or path.
• Size—Size of the file.
• MD5—MD5 hash of a file.
• SHA256—SHA256 hash of a file.
• Record time—Time when the object was placed in Storage.
• Host—Name of the host from which the object was received.

You can click Download to download the file to your computer's hard drive.

Clicking the link with the file name or file path opens a list in which you can select one of the following actions:

• Find events.
• Find alerts.
• Copy value to clipboard.

Clicking the link with MD5 opens a list in which you can select one of the following actions:

• Find on TIP

  Kaspersky information system Contains and displays reputation information for files and URL addresses.

  .
• Find events.
• Find alerts.
• Create prevention rule.
• Copy value to clipboard.

Clicking the link with SHA256 opens a list in which you can select one of the following actions:

• Find on TIP.
• Find on virustotal.com.
• Find events.
• Find alerts.
• Create prevention rule.
• Copy value to clipboard.