Cyber Triage – Practical Endpoint Response

Cyber Triage is an incident response framework that investigates remote systems and endpoints by pushing a collection tool over the network. This helps collect relevant data and analyze it for malware and suspicious activity.

Cyber Triage - Simplify Incident Response

Collection tool properties:

  • Runs on all Microsoft Windows versions from Windows XP onward.
  • No installation requirement on target systems. It is pushed to live systems as needed or can run directly from a USB drive.
  • The collection tool is contained in a single executable file, which makes it easy to deploy.
  • Collection can be started manually or automated from a SIEM or other workflow tool using its REST API.
  • Analyzes disk images in raw or E01 formats.

The targeted collection approach of this framework saves time because it copies only the important data from the system and does not require the user to take a forensic image of the entire drive.

The free demo version includes the following functionality:

  • Collects volatile and file system data.
  • Collects to USB Drive.
  • Analyzes memory images using Volatility.
  • Pivot through collected data to determine scope.
  • View timeline of threats to get context.
  • Generates HTML and CybOX reports.

You can read more and download this framework over here:
