Cyber Triage

Additional features

Agentless Data Collection

Utilizes a small, self-contained, agentless tool to collect dozens of artifact types (e.g., persistence, execution, data access) from endpoints without requiring permanent installation, supporting flexible transfer options (network, USB, S3).

Automated Artifact Scoring & Prioritization

Automatically scores collected artifacts based on suspiciousness and relevance using threat intelligence, enabling investigators to quickly focus on the most critical data and effectively prioritize leads.

Beyond EDR Visibility

Designed to uncover evidence that traditional EDRs might miss, including data hidden by evasion techniques or past retention dates, and identifies suspicious activity not flagged by EDRs, providing deeper insights.

Advanced Malware Detection

Integrates with and scans executables using 40+ malware detection engines for comprehensive and robust identification of malicious files.

Intelligent Recommendation Engine

Guides investigators by explicitly recommending artifacts to follow up on, ensuring all potential leads are explored for a more thorough and complete investigation.

Flexible Deployment Options

Can be deployed and run in various scenarios, including on a laptop (for field use), in the cloud, or on an on-premise server, adapting to different operational environments and security needs.

Host-Based Analysis & Correlation

Focuses on analyzing data directly from compromised hosts, correlating findings between different machines involved in an incident to understand the broader attack scope.

Integration with Existing Security Tools

Seamlessly integrates with existing EDR and SOAR platforms to initiate rapid data collections and streamline incident response workflows for faster mean time to respond (MTTR).

Memory Acquisition Capability

Supports the acquisition and analysis of volatile memory data, often in conjunction with tools like Velociraptor, to capture transient evidence.

User-Friendly Design

Built by experienced forensics veterans (Sleuth Kit Labs, creators of Autopsy), it's designed for ease of use and minimal training, making complex digital forensics accessible to a wider range of first responders.

Forensic Reporting

Provides the necessary data and insights for comprehensive forensic reporting, helping to answer key investigative questions like "What did the attacker do?" or "How did they get in?".

Minimize Attack Damage

Expedites investigations to collect crucial evidence before it's overwritten or lost, thereby helping to minimize the overall damage from a cyber attack.