DIGITAL FORENSIC AND INCIDENT RESPOENSE
Cyber Triage is an automated digital forensics tool and Incident Response (DFIR) software that allows cybersecurity professionals like you to quickly answer intrusion questions related to:
- Account Takeover
It uses host-based data, scoring, advanced analytics, and a recommendation engine to ensure your investigations are fast and comprehensive.
Belkasoft Remote Acquisition
Belkasoft Remote Acquisition (Belkasoft R) is a new digital forensic and incident response tool developed specifically for remote extraction of hard and removable drives, RAM, connected mobile devices, and even specific types of data. Belkasoft R will be useful in cases when an incident response analyst or a digital forensic investigator needs to gather evidence quickly and the devices in question are situated in geographically distributed locations.
Belkasoft Incident Investigations
Incident Investigation module is aimed to help users investigate hacking attempts of Windows-based computers. By analyzing numerous sources such as registry, event logs and memory dumps, it can find traces, which are typical to various tricks used by hackers to penetrate company’s infrastructure. Belkasoft X looks at various artifacts located inside Amcache, Shimcache, Syscache, BAM/DAM, AppInit DLLs, Change of default file association, scheduled tasks, remote connections (RDP, Remote Connection, TeamViewer and others), startup tasks, browser extensions and so on; it detects suspicious connections and scripts.
The results of analysis are then presented inside separate Incident investigation window, making it easy to separate suspicious activities from regular forensic artifacts.
E3 Remote Imager
E3 Remote Imager is a logical acquisition tool that can work with data in a remote location. The remote can be in a different location, network, or cloud. E3 Remote Imager will detect a volume and acquire the data based on the selection by the user. E3 Remote Imager provides flexible access to the evidence you need, anywhere you have a network connection. This allows for the rapid collection of potentially changing information, in the event of an ongoing breach, or ensures speed and efficiency when collecting evidence in a more traditional forensic investigation.