Fast & Affordable Forensics for Incident Response
Automated incident response software any organization can use to rapidly investigate its endpoints.
Fast: Automate Collection, Analysis, and Correlation
Comprehensive: Ensure Complete Threat Assessment
Accessible: Make Investigation and Reporting Easy
Trusted by U.S. Federal Law Enforcement and Expert Investigators
Cyber Triage in Your Workflow
When your SIEM, orchestration, or detection system generates an alert, you need to quickly investigate endpoints to determine the severity and scope.

An alert is generated from IDS or SIEM

An endpoint investigation is started from SOAR manually

Cyber Triage is deployed to the endpoint to collect data

Analyst uses Cyber Triage data to find evidence and make decisions
How Does Cyber Triage Work?
Cyber Triage investigates the endpoint by pushing the collection tool over the network, collecting relevant data, and analyzing it for malware and suspicious activity.
Why Cyber Triage?
Every organization needs fast, comprehensive, and easy-to-use incident response software.
Fast
Manual incident response is slow, leaving the entire organization at the intruder’s mercy.
By automating every phase of the endpoint forensics process, Cyber Triage ensures state-of-the-art remediation speed.
Comprehensive
Cyber threats are constantly evolving, and manual incident response can be inconsistent and incomplete.
Always operating on the latest threat intelligence, Cyber Triage scours every relevant corner of a compromised endpoint.
Accessible
Forensic tools are often confusing, with features not needed for intrusions.
Cyber Triage’s intuitive interface allows even junior staff to analyze data and assemble reports like seasoned responders.
Slow Incident Response Is Dangerous
Cyber Triage Speeds Up the Entire Investigation Cycle.
Poor process efficiency during this critical period is an existential threat, giving intruders the time they need to steal proprietary data, destroy infrastructure, deploy persistence mechanisms, or cover their tracks.

Integrates with SOAR and SIEMs to quickly start an investigation.

Collects malware, user, and system configuration-related data in a single step.

Automatically analyzes collected data for bad and suspicious items. Helps analysts make decisions.

Collects and analyzes data from other hosts that could have been involved in an incident.
Built by forensics experts
- Created by Brian Carrier, who also created the widely used digital forensics software Autopsy and The Sleuth Kit.
- Our parent company, Basis Technology, builds custom and open source digital forensics tools for thousands of worldwide users.
Built for any organization:
- Internal Teams: Investigate alerts from SOARs/SIEMs.
- MSSPs: Investigate client endpoints based on network traffic.
- Consultants: Allow clients to do their own basic response.
- Law Enforcement: Ensure consistent analysis from all agents.