Collecting Off-Network Responder Log Files

The Off-Network XDR Forensics responder categorizes and stores log files in two locations:

  1. At the root of the directory from which the XDR Forensics Off-Network responder is executed.
  2. In the ‘bin’ directory, which is found at the root of the directory from which the XDR Forensics Off-Network responder is executed.

At the root of the directory from which the XDR Forensics Off-Network responder is executed, users will find the following log files:

  • OFFNETWORK_WINDOWS_AMD64.Log.txt
  • OFFNETWORK_WINDOWS_AMD64.Process.Log.txt
  • troubleshoot-[TIMESTAMP].zip

In the ‘bin’ directory, which is found at the root of the directory from which the XDR Forensics Off-Network responder is executed, users will find the following log files:

  • TACTICAL-Legacy.Log.txt
  • TACTICAL.Log.txt
  • TACTICAL.Process.Log.txt
  • TACTICAL.Error.txt
  • AIR.Log.txt
  • AIR.Process.Log.txt
  • DRONE.log.txt
  • DRONE.Process.log.txt
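
One way to gather the files listed above into a single archive, with a SHA-256 manifest and a flag for any expected log that is absent. This is an added example, not vendor tooling: the `$ResponderRoot` and `$OutDir` parameters, the `root`/`bin` staging layout and the `manifest.csv` name are assumptions.

```powershell
# Added example (not part of the product). Save as a .ps1 file and run with -ResponderRoot.
param(
    [Parameter(Mandatory)] [string] $ResponderRoot,              # directory the responder was executed from
    [string] $OutDir = (Join-Path $env:TEMP 'offnetwork-logs')   # assumed staging location
)

# File names exactly as listed on this page; the troubleshoot zip carries a timestamp, hence the wildcard.
$expected = [ordered]@{
    root = @('OFFNETWORK_WINDOWS_AMD64.Log.txt',
             'OFFNETWORK_WINDOWS_AMD64.Process.Log.txt',
             'troubleshoot-*.zip')
    bin  = @('TACTICAL-Legacy.Log.txt', 'TACTICAL.Log.txt', 'TACTICAL.Process.Log.txt',
             'TACTICAL.Error.txt', 'AIR.Log.txt', 'AIR.Process.Log.txt',
             'DRONE.log.txt', 'DRONE.Process.log.txt')
}

$manifest = foreach ($sub in $expected.Keys) {
    # 'root' maps to the responder directory itself, 'bin' to its bin subdirectory.
    $srcDir = if ($sub -eq 'root') { $ResponderRoot } else { Join-Path $ResponderRoot $sub }
    $dstDir = Join-Path $OutDir $sub
    New-Item -ItemType Directory -Path $dstDir -Force | Out-Null

    foreach ($pattern in $expected[$sub]) {
        $found = @(Get-ChildItem -Path $srcDir -Filter $pattern -File -ErrorAction SilentlyContinue)
        if ($found.Count -eq 0) {
            # Record the gap so a missing log is visible to whoever reviews the bundle.
            [pscustomobject]@{ Location = $sub; Name = $pattern; Status = 'MISSING'; Bytes = 0; SHA256 = '' }
            continue
        }
        foreach ($f in $found) {
            Copy-Item -LiteralPath $f.FullName -Destination $dstDir
            [pscustomobject]@{
                Location = $sub; Name = $f.Name; Status = 'COLLECTED'; Bytes = $f.Length
                SHA256   = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

# Write the manifest alongside the copies, then bundle everything into one archive.
$manifest | Export-Csv -Path (Join-Path $OutDir 'manifest.csv') -NoTypeInformation
Compress-Archive -Path (Join-Path $OutDir '*') -DestinationPath "$OutDir.zip" -Force
$manifest | Format-Table -AutoSize
```

The hashes are taken from the source files at collection time, so the manifest can be used later to confirm that the copies in the archive were not altered in transit.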