Built by Sleuth Kit Labs, the team behind Autopsy, Cyber Triage is automated DFIR software that empowers government agencies and commercial organizations to investigate compromised endpoints quickly.
Unlike traditional digital forensics tools that require deep expertise and hours of manual analysis, Cyber Triage automates the collection and analysis of forensic artifacts so cyber responders of any level can rapidly determine whether an endpoint has been compromised and take action.
Cyber Triage works by remotely deploying an Adaptive Collector on the suspected endpoint(s) to automatically collect the most relevant DFIR data, especially executables. Once collected, the data is analyzed using the most detection layers of any DFIR platform: 40+ malware engines, integrated threat intel feeds, Hayabusa, YARA rules, IOCs, and more. This process scores and prioritizes the findings by level of suspicion, so the investigator can quickly identify where to start. As the investigator reviews, related items are automatically recommended so they can close the investigation just as quickly.
The result: Incident response teams at government agencies and commercial organizations can investigate faster, more comprehensively, and at scale.
Speed
Comprehensiveness
Scale
Cyber Triage brings the forensic expertise behind Autopsy and The Sleuth Kit into a single automated DFIR platform built for speed, depth, and scale. Whether your team is a government SOC or a commercial IR unit, Cyber Triage will help you figure out what happened fast.