The Only Digital Forensics Tool You Need For Intrusions

Complete threat investigation done for you with speed, accuracy, and simplicity.

Talk to an ExpertDownload Free Trial

Trusted by global organizations committed to security

Cyber Triage digital forensics tool makes your investigations more efficient using automated scoring and recommendations. If you are a SOC analyst, consultant, or law enforcement officer, Cyber Triage will maximize the artifacts per second that you process and ensure you get the attackers out quickly.

Digital Forensics Tool Diagram Detailing How Cyber Triage Works

Digital Forensics Tool for the Cyber First Responder

Cyber Triage makes your incident response efforts more efficient when you are working around the clock to get attackers out.

It has 4 core concepts to make you as fast and comprehensive as possible:

  • Collect the relevant artifacts from live running Windows systems and send results to a server, S3 bucket, or USB drive.
  • Prioritize the artifacts using a variety of scoring techniques and algorithms to identify those that are associated with an intrusion.
  • Recommend additional artifacts based on what the user tags.
  • Collaborate with your team about your findings and share your results.

Cyber Triage’s flexibility allows it to integrate with SIEM/SOAR systems, leverage cloud infrastructure, and be used by both internal SOCs and MSSPs.

Maximize Your Artifacts Per Second

The key to getting attackers out is being able to quickly process lots of data from lots of hosts. This allows you to identify where they are and how they persist.

Cyber Triage allows you to achieve both speed and comprehensiveness:

  • Speed: Artifact scoring allows you to quickly focus on the small set of artifacts that are relevant. Don’t waste your time on normal activity.
  • Comprehensive: Thousands of artifacts are collected to look for malware and account takeovers. The recommendation engine makes sure you know about related items.

Cyber Triage’s automation makes you as fast as possible. In the words of 13Cubed, “It’s almost to the point of point and click forensics.”

10x

Faster Investigations

40+

Malware Scanning Engines

1

Click Reporting

Collect Comprehensive Evidence

Cyber Triage’s collection tool focuses on the artifacts needed for intrusion investigations. It saves time by making copies of only the important data from the live system, disk image, or memory image.

It is regularly updated based on attack trends and can be deployed from the Cyber Triage server, EDR, or USB.

Learn More

Score Artifacts to Detect Threats

Cyber Triage analyzes the artifacts and assigns a score based on how likely they are to be from an intrusion. This makes the investigation faster because you can focus on the bad and suspicious items and ignore the thousands of irrelevant ones.

The scoring methods are updated regularly based on attack trends and threat intelligence. It includes coverage from 40+ malware scanning engines.

Learn More

Recommend Additional Artifacts

As you dig deeper to identify root cause, Cyber Triage will recommend related artifacts. For example, calling out that a network connection came from a process that had a triggered task.

Cyber Triage helps you get to the root cause with a timeline of the system, a view of the folder structure, and the ability to pivot between artifact types.

Learn More

Collaborate Within The Team

Collaboration and integration are critical to fast responses. During the investigation, Cyber Triage allows multiple investigators to work on the same incident and pull in data from past cases to determine relevance. At the end, you can generate a report to distribute.

At any time, Cyber Triage can integrate with SIEM and SOAR systems to start collections or export results.

Learn More

See it in Action

This review by SANS instructor and YouTuber Richard Davis (13Cubed) provides a complete overview of our digital forensics tool, focusing on memory forensics and the Volatility integration.

More Videos

Rave Reviews

Zakaria N

IT Manager
5/5

“I recommend because it's easier to access, analyze and ensure complete threat assessment making it fast to solve an incident.”

Eliud M

IT Manager
5/5

“I highly recommend this software to detect new network alerts and investigate end points as well as determine severity and scope.”

Indars S

Documentum Consultant
4/5

“User friendly solution that saves time because it is agentless, fully automated and focused on triage principles. Doesn't require middle man to process information returned by the utility, as all is processed in real time and reports generated."

Poonam K

Senior Consultant
5/5

“I like that it is easy to understand and does not need forensic experts to decode the issues in end point devices, also it is agentless which removes the hassle of installing a piece of code on end user systems.”

Use Cases

Internal IR / SOC Teams

Whether your organization has a team of people dedicated to incident response or a single do-it-all security professional, you need to be able to quickly, comprehensively, and easily investigate, remediate, and report on threats.

Cyber Triage’s automated collection, scoring, artifact correlation, and easy reporting allows cyber first responders to quickly come to conclusions and communicate them to management. Cyber Triage collects intrusion data from every relevant location compares it against past incidents and global threat intelligence, ensuring comprehensive investigations. Designed to make everything about incident response straightforward, even green thumbs can create a data-based story of an incident.

Learn More

diagram showing how digital forensics tool-Cyber Triage works for Internal IR Teams

Use Cases

Consultants / MSSPs

Incident response consultants have hard jobs.

You need to identify and scope an incident quickly, yet you lack visibility into the company’s network and systems. To respond effectively, you must learn what is normal in an unfamiliar environment, using easily deployed infrastructure to quickly evaluate and prioritize potentially compromised systems.

Cyber Triage’s non-persistent agent offers endpoint visibility with bring-your-own infrastructure. Even when you don’t have this information upfront, Cyber Triage helps you contextualize evidence, and its automated collection and analysis processes help you quickly evaluate the situation and prioritize the investigation. And, because it’s licensed per responder (not per endpoint), it scales across any size organization.

Learn more

diagram showing how digital forensics tool -Cyber Triage works for Consultants

Use Cases

Law Enforcement

Law enforcement officials have unique challenges when dealing with intrusions.

You need to identify the cause of an intrusion while maintaining the court admissibility of the evidence. And they need to work with investigators who are not focused solely on cyber threats.

Many digital forensics tools were designed for corporate enterprises and assume that users have a live computer and can use software agents. Cyber Triage is uniquely designed for law enforcement-use cases because it is built on digital forensics tools that are used in courts, is agentless, and can analyze disk images. And its intuitive interface makes it easy for non-cyber specialists to review results.

Learn more

diagram showing how digital forensics tool- Cyber Triage works for Law Enforcement