Free version with no analytics


  • Collects volatile and file system data
  • Collects to USB Drive
  • Analyzes memory images using Volatility
  • Pivot through collected data to determine scope
  • View timeline of threats to get context
  • Generates HTML and CybOX reports


For small teams who need automation

Email us at for pricing

  • Collects over the network
  • Automatically analyzes data to identify suspicious items
  • Analyzes executables for malware using OPSWAT
  • Analyzes files using Yara rules
  • Hides known good items with whitelists
  • Flags IOC with blacklists
  • Correlates with single user’s previous collection to determine how common item is
  • Groups hosts by incident for better reporting and correlation
  • Produces JSON report that can be imported into SIEMs
  • All of the Lite features


For big and small teams who need to collaborate

Email us at for pricing

  • Collects from many hosts simultaneously
  • Integrates with SIEMs and orchestration tools using REST API
  • Stores data in a multi-user database
  • Correlates with all user’s previous collections to determine how common item is
  • All of the Standard features

Cyber Triage Is Licensed By The Investigator

Because Cyber Triage does not install agents on each endpoint, we are not licensed based on the number of endpoints. Instead, we license based on the number of IT or security team members using the software.  We grow with the security maturity of your organization.

If you are just starting out, then you may need only a single Standard license.  As your team gets larger, you can add Standard licenses and grow into the collaborative Team version.