Fast & Affordable Forensics for Incident Response

Digital Forensics Specialized For Rapid Incident Response

 

Complete intrusion investigations with speed, accuracy, and simplicity.

 

Cyber Triage is automated Digital Forensics and Incident Response (DFIR) software that allows cybersecurity professionals like you to quickly answer intrusion questions related to malware, ransomware, and account takeover.

 

Host-based data, scoring, advanced analytics, and a recommendation engine ensure your investigations are fast and comprehensive.

 

The Leader in DFIR Artifact Scoring

 

Cyber Triage is the only DFIR tool that will:

 

  • Score artifacts to ensure you quickly focus on relevant data
  • Scan executables with 40+ malware detection engines
  • Deploy in challenging environments where agents can’t be used
  • Recommend artifacts to ensure you follow up on all leads

 

SOCs, MSSPs, consultants, and law enforcement all use these features to answer their hard investigative questions, such as “What did the attacker do?” and “How did they get in?”.

 

Complete Your Investigations Faster

 

Speed is critical to ensure you get the evidence before it is overwritten and you minimize the damage an attacker can do.

 

Cyber Triage maximizes the artifacts per second you process by:

 

  • Identifying the artifacts that are relevant and showing them first.
  • Recommending artifacts so that you quickly follow all leads.
  • Integrating with SIEMs so that collections start ASAP.

Conduct More Comprehensive Investigations

 

Investigations need to be comprehensive to understand the full scope of the incident and remove the persistence mechanisms.

 

Cyber Triage gives you breadth by:

 

  • Collecting dozens of artifact types based on numerous attack scenarios.
  • Analyzing executables with 40+ malware scanning engines.
  • Using threat intelligence to update collection methods and heuristics.

Flexible Deployments

 

Investigations using Cyber Triage have four basic steps:

 

  1. Data is collected using an agentless collection tool that sends artifacts over the network, to USB, or S3.
  2. Artifacts are analyzed and scored using threat intelligence. Correlations are made between hosts.
  3. Responders review the artifacts and dive deeper based on what questions they need to answer.
  4. Additional hosts are collected from and added to the incident.

 

Cyber Triage has been designed to work in any scenario a Cyber First Responder finds themselves in. It can run on a laptop, the cloud, or an on-premise server.