Fast Intrusion Forensics for Incident Response

Automated incident response software for fast, comprehensive, and easy intrusion investigations

Cyber Triage makes your investigations more efficient using automated scoring and recommendations. If you are a SOC analyst, consultant, or law enforcement officer, Cyber Triage will maximize the artifacts per second that you process and ensure you get the attackers out quickly.

Collect Comprehensive Evidence

Cyber Triage’s collection tool focuses on the artifacts needed for intrusion investigations. It saves time by making copies of only the important data from the live system, disk image, or memory image.

It is regularly updated based on attack trends and can be deployed from the Cyber Triage server, EDR, or USB.

Score Artifacts to Detect Threats

Cyber Triage analyzes the artifacts and assigns a score based on how likely they are to be from an intrusion. This makes the investigation faster because you can focus on the bad and suspicious items and ignore the thousands of irrelevant ones.

The scoring methods are updated regularly based on attack trends and threat intelligence. Scoring includes coverage from 40+ malware scanning engines.

Recommend Additional Artifacts

As you dig deeper to identify the root cause, Cyber Triage will recommend related artifacts. For example, it calls out that a network connection came from a process that had a triggered task.

Cyber Triage helps you get to the root cause with a timeline of the system, a view of the folder structure, and the ability to pivot between artifact types.

Collaborate Within The Team

Collaboration and integration are critical to fast responses. During the investigation, Cyber Triage allows multiple investigators to work on the same incident and pull in data from past cases to determine relevance. At the end, you can generate a report to distribute.

At any time, Cyber Triage can integrate with SIEM and SOAR systems to start collections or export results.

See it in Action

This review by SANS instructor and YouTuber Richard Davis (13Cubed) provides a complete overview of Cyber Triage, focusing on memory forensics and the Volatility integration.
