Welcome to Cyber Triage Resources

Subscribe to our newsletter that delivers the most actionable, tactical, and timely digital forensics tips you actually need in 15 minutes or less. Get an edge on incident response forensics, for free.

Recent Posts

View all posts



ResponderCon 2022 – Videos – Batch 1

We held our first ResponderCon event back on Sept 13...

New Features

Cyber Triage 3.4: Logons, Hatching, and BITS

Cyber Triage version 3.4 is out and this blog post...


New Features

Cyber Triage 3.4.0 Release Video

Welcome to the Cyber Triage 3.4.0 release video we're going to go through some of the new features we've got.


What is a “Most Recently Used” Artifact Video

Welcome to the first installment of the Cyber Triage Artifact Speedrun series! Today, we're discussing the office MRU Artifact and how it can be useful in your DFIR investigation.The office MRU Artifact keeps track of Windows Office files accessed by a user. It exists because Windows Office applications like Word, Excel or otherwise use this to keep a list of the most recent documents opened and display it to the user.How does it work? Entries are created when a document, such as my document dot Docx, is opened each time it's opened. The last open timestamp within the MRU artifact is updated. Therefore, the most recent files opened by a Microsoft Office application can be found in the office MRU Artifact.We hope you found this quick overview informative and helpful in your DFIR investigation. Stay tuned for more Artifact Speedruns!

New Features

Cyber Triage 3.3.0 Release Updates Video

New Release notes 3.3.0 is out and it's better than ever! With New “Data Accessed” data type, Importing Logical files, and PDF / Microsoft Office Document malware scanning.