Collect complete evidence
Cyber Triage’s targeted collection approach saves time because it copies the most important data from the system in one step and does not require the user to make a forensic image of the entire drive.
Find threats fast
After collection, Cyber Triage automatically looks for data that is anomalous and similar to past incidents. Each collected item is assigned a score based on its risk. Bad and suspicious items are prioritized and shown to the user.
After reviewing the data, users can dig deeper for more context and get to root cause. Cyber Triage recommends related files, provides timelines to find other suspicious items, and makes it easy to pivot between artifacts.
Everything works together with Cyber Triage. Multiple investigators can work on the same investigation at the same time. JSON or CSV reports are easy to generate and import into other systems. (It’s also simple to create beautiful HTML reports for management). And, once the investigation is done, Cyber Triage uses the results to improve future analyses.