Cyber Triage
@cybertriage.bsky.social
Digital Forensics and incident response software for endpoint investigation. Built by @sleuthkitlabs and Brian Carrier (@carrier4n6).
Reposted by Cyber Triage
#DFIR Automation Series
I use 4 levels of automation ranging from none to fully automated.
I think an ideal solution is to use full automation for low risk decisions. And recommendations for higher risk.
We use recommendations in Cyber Triage by scoring each artifact. You ultimately decide.
I use 4 levels of automation ranging from none to fully automated.
I think an ideal solution is to use full automation for low risk decisions. And recommendations for higher risk.
We use recommendations in Cyber Triage by scoring each artifact. You ultimately decide.
August 20, 2025 at 4:10 PM
#DFIR Automation Series
I use 4 levels of automation ranging from none to fully automated.
I think an ideal solution is to use full automation for low risk decisions. And recommendations for higher risk.
We use recommendations in Cyber Triage by scoring each artifact. You ultimately decide.
I use 4 levels of automation ranging from none to fully automated.
I think an ideal solution is to use full automation for low risk decisions. And recommendations for higher risk.
We use recommendations in Cyber Triage by scoring each artifact. You ultimately decide.
New Forensic Resource
What to do after you find TeamViewer:
→ Log files to find activity details
→ Executables to find installation times
→ Domains to find download source
Learn how to corroborate timelines to investigate suspicious TeamViewer.
www.cybertriage.com/blog/dfir-ne...
What to do after you find TeamViewer:
→ Log files to find activity details
→ Executables to find installation times
→ Domains to find download source
Learn how to corroborate timelines to investigate suspicious TeamViewer.
www.cybertriage.com/blog/dfir-ne...
DFIR Next Steps: Suspicious TeamViewer Use
Welcome to the next post in our DFIR Next Steps series on Remote Monitoring & Management (RMM) tools. This series is designed to help you quickly
www.cybertriage.com
August 14, 2025 at 3:26 PM
New Forensic Resource
What to do after you find TeamViewer:
→ Log files to find activity details
→ Executables to find installation times
→ Domains to find download source
Learn how to corroborate timelines to investigate suspicious TeamViewer.
www.cybertriage.com/blog/dfir-ne...
What to do after you find TeamViewer:
→ Log files to find activity details
→ Executables to find installation times
→ Domains to find download source
Learn how to corroborate timelines to investigate suspicious TeamViewer.
www.cybertriage.com/blog/dfir-ne...
Reposted by Cyber Triage
Adding automation to your #DFIR investigations means you have less decisions to make. Get rid of the tedious work! Focus on the fun stuff!
Here are my three thoughts on the most effective ways to add automation and which tools do them.
What are yours?
www.cybertriage.com/blog/3-ways-...
Here are my three thoughts on the most effective ways to add automation and which tools do them.
What are yours?
www.cybertriage.com/blog/3-ways-...
3 Ways to Make Digital Investigations Faster with Automation
Everyone — except for some consultants paid by the hour — wants to skip the tedious work associated with digital investigation. The good news is there are
www.cybertriage.com
August 5, 2025 at 3:29 PM
Adding automation to your #DFIR investigations means you have less decisions to make. Get rid of the tedious work! Focus on the fun stuff!
Here are my three thoughts on the most effective ways to add automation and which tools do them.
What are yours?
www.cybertriage.com/blog/3-ways-...
Here are my three thoughts on the most effective ways to add automation and which tools do them.
What are yours?
www.cybertriage.com/blog/3-ways-...
Reposted by Cyber Triage
New Cyber Triage release with:
* New UIs to give you an overview of the endpoint
* Hyabusa integration
* Baseline
* Public key encryption on collector
* LOTS more....
Blog and Download Link: www.cybertriage.com/blog/3-14-re...
* New UIs to give you an overview of the endpoint
* Hyabusa integration
* Baseline
* Public key encryption on collector
* LOTS more....
Blog and Download Link: www.cybertriage.com/blog/3-14-re...
May 6, 2025 at 2:39 PM
New Cyber Triage release with:
* New UIs to give you an overview of the endpoint
* Hyabusa integration
* Baseline
* Public key encryption on collector
* LOTS more....
Blog and Download Link: www.cybertriage.com/blog/3-14-re...
* New UIs to give you an overview of the endpoint
* Hyabusa integration
* Baseline
* Public key encryption on collector
* LOTS more....
Blog and Download Link: www.cybertriage.com/blog/3-14-re...
Reposted by Cyber Triage
EDRs miss activity! 😲😱.
You should not miss webinar tmrw! 😀
Markus and I will talk about why EDR alerts could be days after an attack started.
We'll talk about how to do endpoint triage to see what else happened beyond the alert!
Mar 27 @ 11 Eastern
register.gotowebinar.com/register/916...
You should not miss webinar tmrw! 😀
Markus and I will talk about why EDR alerts could be days after an attack started.
We'll talk about how to do endpoint triage to see what else happened beyond the alert!
Mar 27 @ 11 Eastern
register.gotowebinar.com/register/916...
register.gotowebinar.com
March 26, 2025 at 2:55 PM
EDRs miss activity! 😲😱.
You should not miss webinar tmrw! 😀
Markus and I will talk about why EDR alerts could be days after an attack started.
We'll talk about how to do endpoint triage to see what else happened beyond the alert!
Mar 27 @ 11 Eastern
register.gotowebinar.com/register/916...
You should not miss webinar tmrw! 😀
Markus and I will talk about why EDR alerts could be days after an attack started.
We'll talk about how to do endpoint triage to see what else happened beyond the alert!
Mar 27 @ 11 Eastern
register.gotowebinar.com/register/916...
Reposted by Cyber Triage
For those in the #SOC: Alert Triage vs Endpoint Triage
Blog post that is part of our Endpoint Triage series.
Alert triage focuses on validating and prioritizing the EDR/SIEM alert.
Endpoint triage focuses on prioritizing the host. How bad is it?
www.cybertriage.com/blog/alert-t...
Blog post that is part of our Endpoint Triage series.
Alert triage focuses on validating and prioritizing the EDR/SIEM alert.
Endpoint triage focuses on prioritizing the host. How bad is it?
www.cybertriage.com/blog/alert-t...
Alert Triage vs Endpoint Triage: What SOCs Need to Know
As we talk to corporate security teams about how they respond to incidents and EDR alerts, we find it useful to highlight the Endpoint Triage step in
www.cybertriage.com
March 21, 2025 at 1:38 PM
For those in the #SOC: Alert Triage vs Endpoint Triage
Blog post that is part of our Endpoint Triage series.
Alert triage focuses on validating and prioritizing the EDR/SIEM alert.
Endpoint triage focuses on prioritizing the host. How bad is it?
www.cybertriage.com/blog/alert-t...
Blog post that is part of our Endpoint Triage series.
Alert triage focuses on validating and prioritizing the EDR/SIEM alert.
Endpoint triage focuses on prioritizing the host. How bad is it?
www.cybertriage.com/blog/alert-t...
Reposted by Cyber Triage
I'm doing a webinar TMRW on investigation tools for endpoint triage. Basic idea is how to get quick and accurate results after an alert. EDR data plays a role in that, but it's not enough.
Endpoint Triage should be in any security team's process.
attendee.gotowebinar.com/register/281...
Endpoint Triage should be in any security team's process.
attendee.gotowebinar.com/register/281...
attendee.gotowebinar.com
February 25, 2025 at 3:30 PM
I'm doing a webinar TMRW on investigation tools for endpoint triage. Basic idea is how to get quick and accurate results after an alert. EDR data plays a role in that, but it's not enough.
Endpoint Triage should be in any security team's process.
attendee.gotowebinar.com/register/281...
Endpoint Triage should be in any security team's process.
attendee.gotowebinar.com/register/281...
Reposted by Cyber Triage
Reposted by Cyber Triage
Reposted by Cyber Triage
Endpoint Triage: What you do after you validate the EDR alert to understand the impact.
#DFIR Webinar Thu @ 11.
register.gotowebinar.com/register/142...
#DFIR Webinar Thu @ 11.
register.gotowebinar.com/register/142...
January 28, 2025 at 4:14 PM
Endpoint Triage: What you do after you validate the EDR alert to understand the impact.
#DFIR Webinar Thu @ 11.
register.gotowebinar.com/register/142...
#DFIR Webinar Thu @ 11.
register.gotowebinar.com/register/142...
Cyber Triage 3.13 is the holiday gift you’ve been waiting for:
Integrations that make you faster.
→ MemProcFS integration
→ Expanded S3 integration
→ Detailed sandbox report
Complete 3.13 release notes: www.cybertriage.com/blog/release...
Integrations that make you faster.
→ MemProcFS integration
→ Expanded S3 integration
→ Detailed sandbox report
Complete 3.13 release notes: www.cybertriage.com/blog/release...
3.13 Adds MemProcFS and Extends the S3 and Recorded Future Sandbox Integrations
Our holiday gift this year is some frequently requested features that came out in the 3.13 release: MemProcFS to support Windows 10 and 11 images
www.cybertriage.com
December 19, 2024 at 10:56 PM
Cyber Triage 3.13 is the holiday gift you’ve been waiting for:
Integrations that make you faster.
→ MemProcFS integration
→ Expanded S3 integration
→ Detailed sandbox report
Complete 3.13 release notes: www.cybertriage.com/blog/release...
Integrations that make you faster.
→ MemProcFS integration
→ Expanded S3 integration
→ Detailed sandbox report
Complete 3.13 release notes: www.cybertriage.com/blog/release...