CyberTriage 3.10.0

What is CyberTriage ?

Cyber Triage is automated Digital Forensics and Incident Response (DFIR) software that allows cybersecurity professionals like you to quickly answer intrusion questions related to malware, ransomware, and account takeover.

Host-based data, scoring, advanced analytics, and a recommendation engine ensure your investigations are fast and comprehensive.

CyberTriage offers several key features :

CyberTriage offers the following key features:

1. Automated Data Collection:
   • Collects data from Windows, macOS, and Linux systems, both locally and remotely.
2. Artifact Analysis:
   • Analyzes system artifacts such as files, processes, registry entries, and network connections.
3. Malware Detection:
   • Identifies malicious files and processes using various detection methods.
4. Scoring and Prioritization:
   • Assigns risk scores to artifacts to highlight the most critical evidence.
5. Incident Timeline:
   • Generates timelines of system activity to understand event sequences.
6. User-Friendly Interface:
   • Simplifies analysis with a graphical user interface.
7. Integration with Other Tools:
   • Works with SIEM, EDR, and other cybersecurity tools.
8. Customizable Reporting:
   • Creates detailed, customizable reports in multiple formats.
9. Remote Incident Response:
   • Enables secure, encrypted remote investigations.

• Linux System Analysis: Supports common Linux distributions for data collection and analysis, detecting anomalies and malware.
  Domain Controller Log Analysis: Parses Kerberos and NTLM authentication events, scoring for anomalous behaviors and attacks.
  Fuzzy Malware Scanning with ImpHash: Identifies similar malware without uploading file content, using the import table.
  Labels and Excel Reports: Adds labels to artifacts for easier annotation and generates reports in Excel format for better manipulation and sharing.