Collect

Make your investigations fast and comprehensive by collecting all of the needed artifacts before they are overwritten or lost.

Get started easily

  • Cyber Triage Team directly integrates into leading SOARs and SIEMs for automated collection
  • Incident responders can manually start a network-based collection
  • The collection tool can be emailed to clients and remote offices and run from a USB drive.

Collect comprehensive data

  • Volatile data (including running processes, open ports, logged-in users, active network connections, and DNS cache)
  • Malware persistence mechanisms, including startup items and scheduled tasks
  • User activity, including which programs were run, web activity, and logins
  • File metadata from all files on the system.
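As an added illustration of the volatile and persistence artifact categories listed above (this is example code, not Cyber Triage's collector or any part of its product), the following PowerShell script gathers those categories from a live host in order of volatility and hashes what it writes. It assumes an elevated PowerShell 5.1 or newer prompt on Windows 10 / Server 2016 or later (for Get-NetTCPConnection, Get-DnsClientCache and Get-ScheduledTask); the output root E:\triage is an assumption and should point at removable media rather than the target's system drive.

```powershell
# Added example, not Cyber Triage code: minimal live collection of the volatile and
# persistence artifacts listed above, most volatile first. Assumes Windows 10 / Server
# 2016+ with PowerShell 5.1+ and an elevated prompt. $OutRoot is an assumption; use
# removable media so the collection does not overwrite free space on the evidence disk.
param(
    [string]$OutRoot = "E:\triage"
)

$ErrorActionPreference = 'Continue'
$hostName = $env:COMPUTERNAME
$stamp    = Get-Date -Format 'yyyyMMdd_HHmmss'
$out      = Join-Path $OutRoot "$hostName`_$stamp"
New-Item -ItemType Directory -Path $out -Force | Out-Null

# Record who collected, when, and on what; the investigation log needs this later.
$meta = [ordered]@{
    Host        = $hostName
    CollectedAt = (Get-Date).ToString('o')
    Collector   = "$env:USERDOMAIN\$env:USERNAME"
    PSVersion   = $PSVersionTable.PSVersion.ToString()
    OSVersion   = (Get-CimInstance Win32_OperatingSystem).Version
}
$meta | ConvertTo-Json | Set-Content -Path (Join-Path $out 'meta.json')

# Output file name -> scriptblock that produces it. Ordered most volatile first:
# network state and DNS cache change fastest, persistence locations change slowest.
$collectors = [ordered]@{
    'net_connections.csv' = { Get-NetTCPConnection |
        Select-Object LocalAddress,LocalPort,RemoteAddress,RemotePort,State,OwningProcess,CreationTime }
    'net_udp_endpoints.csv' = { Get-NetUDPEndpoint | Select-Object LocalAddress,LocalPort,OwningProcess }
    'dns_cache.csv' = { Get-DnsClientCache | Select-Object Entry,Name,Data,Type,TimeToLive }
    'processes.csv' = { Get-CimInstance Win32_Process |
        Select-Object ProcessId,ParentProcessId,Name,ExecutablePath,CommandLine,CreationDate }
    'logged_on_users.txt' = { query user 2>&1 }   # session table; stderr kept if no sessions
    'services.csv' = { Get-CimInstance Win32_Service | Select-Object Name,State,StartMode,PathName,StartName }
    # Persistence mechanisms: Run/RunOnce keys, startup folder items, scheduled tasks.
    'run_keys.csv' = {
        $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
                'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
        foreach ($k in $keys) {
            if (Test-Path $k) {
                (Get-ItemProperty -Path $k).PSObject.Properties |
                    Where-Object { $_.Name -notlike 'PS*' } |   # drop provider metadata
                    ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value } }
            }
        }
    }
    'startup_items.csv' = { Get-CimInstance Win32_StartupCommand | Select-Object Name,Command,Location,User }
    'scheduled_tasks.csv' = { Get-ScheduledTask | ForEach-Object {
            $t = $_
            $t.Actions | ForEach-Object { [pscustomobject]@{
                TaskPath = $t.TaskPath; TaskName = $t.TaskName; State = $t.State
                Execute  = $_.Execute;  Arguments = $_.Arguments } } } }
}

foreach ($name in $collectors.Keys) {
    $path = Join-Path $out $name
    try {
        $data = & $collectors[$name]
        if ($name -like '*.csv') { $data | Export-Csv -Path $path -NoTypeInformation -Encoding UTF8 }
        else                     { $data | Out-String | Set-Content -Path $path -Encoding UTF8 }
    } catch {
        # A missing cmdlet on an older build lands here; keep going and log it.
        "ERROR collecting $name : $_" | Add-Content -Path (Join-Path $out 'errors.log')
    }
}

# Hash every output so the collection can be verified when it reaches the analyst.
Get-ChildItem -Path $out -File | Where-Object { $_.Name -ne 'hashes.csv' } |
    Get-FileHash -Algorithm SHA256 |
    Select-Object @{n='File';e={Split-Path $_.Path -Leaf}},Hash |
    Export-Csv -Path (Join-Path $out 'hashes.csv') -NoTypeInformation

Write-Host "Collection written to $out"
```

Two caveats a practitioner should keep in mind with a script like this: it queries the running operating system through its normal APIs, so a rootkit that hooks those APIs can hide processes, connections or registry values from it, which is exactly the exposure a collector that parses the file system directly avoids; and running it creates its own process, handle and file activity on the target, so volatile items are taken first and file metadata last.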

Collection tool details

  • Runs on all versions of Microsoft Windows (XP and newer)
  • Requires no installation on target systems; it is pushed to live systems as needed or can run directly from a USB drive
  • Contained in a single executable, which makes it easy to deploy
  • Analyzes disk images in raw or E01 formats
  • Uses The Sleuth Kit® forensics library to read the file system directly rather than through the Windows file APIs, which makes collection less vulnerable to typical rootkits that hook those APIs and avoids modifying file access times.
  • For more details, including a complete list of collected artifacts, contact us.