Law enforcement officials face unique challenges when dealing with intrusions.
They need to identify the cause of an intrusion and do so in such a way that the case could go to court. They also need to work with investigators who are not focused solely on cyber threats.
Many incident response tools were designed for corporate enterprises and assume that users have a live computer and can use software agents. Cyber Triage is uniquely designed for law enforcement use cases because it is built on digital forensics tools that are used in courts, is agentless, and can analyze disk images.
Cyber Triage also provides the following:
- Automated collection obtains all of the relevant data from a live or dead system in one step.
- Automated analysis highlights bad and suspicious items before the investigator sees the data.
- Built-in workflow allows users to mark items as bad and quickly generate a final report.
- Files are sent to 40-plus malware scanning engines to ensure comprehensive detection capabilities.
- Cyber Triage is licensed per responder, not per endpoint, scaling across any size organization.
- Results are saved to a backend database, which allows the investigator to compare this computer with others.
- Cyber Triage is able to forensically analyze raw or E01 disk and memory images.
- Cyber Triage’s intuitive interface makes it easy for non-cyber specialists to review results.
- Cyber Triage can be run on a suspect’s computer from a USB during an interview to obtain basic data about how the computer has been used.