The Cyber Triage Collector

Find all the evidence you need for your investigation fast.

The Cyber Triage Collector copies data from a system being investigated so that you can quickly start your analysis.

It’s a standalone tool you can deploy via EDR agents, email to your clients, or run from a USB drive. Its output can be sent to a Cyber Triage server, S3 bucket, or saved to a file.

Easy Deployment

The Collector supports 6+ different deployment methods, so we have your use case covered.

It’s a self-contained command-line tool, so it’s easy to automate and for experts to run. But it also has a UI wrapper, so having clients do collections is easy too.

See the Collection page for all of the supported scenarios.

Customizable

The Collector’s rules can be customized in the Cyber Triage UI.

This is useful when you want to always collect a specific application log or look for an indicator of compromise (IOC).

Comprehensive

Our Collector is “adaptive.” Unlike static collectors, it uses rules as a starting point, then expands the collection according to what it finds.

This means it gets you the largest amount of relevant data, especially scripts and executable content.

If you would like a full list of artifacts that we collect, contact us.

Flexible Output

The output of the Collector is a compressed JSON file that can optionally be encrypted with a public key.

All collected files can be exported from Cyber Triage for further analysis if needed.

System Requirements

More details and command line arguments can be found in the user manual.

Try Cyber Triage Collector

The Collector comes with all versions of Cyber Triage: Team, Standard, and Lite. Try out Cyber Triage today to get access to the Collector and make sure you quickly get all of the data you need.