3.8 Release – Includes Autopsy Integration and Malware Scanning Boosts

Cyber Triage 3.8 is out with two key new features to ensure you finish investigations and dive as deep into them as you want. This post covers:

  • New boost malware scanning feature that allows you to purchase additional lookups for big incidents.
  • New integration with Autopsy that allows you to open Cyber Triage Incidents from within Autopsy.

To evaluate the latest version, use this form.

To attend a webinar on Sept 6 to hear about these new features, register here.

Go Beyond Your Malware Scanning Limits

When big incidents happen, the pressure is on to get through all of the hosts and find the root cause. You can’t be held back by limits imposed by your tools!

Cyber Triage has introduced two new malware scanning features to ensure you can get through as many hosts as possible:

  • Flex Limits: Sometimes you hit your malware scanning limit with 100 files left on a host. There’s nothing worse than having to wait until tomorrow to restart. To fix this, Cyber Triage now has flex limits that allow you to go over your base limits by 1000 lookups per calendar month. So, when you have 100 files left on a system, you can dip into your flex limits to finish the host. When it happens again next week, you can dip into it again.
  • Boost Codes: When you need to do more than just dip into flex, you can now purchase bulk amounts of lookups. They are good for 30 days and range in size from 15,000 to 240,000 additional lookups and uploads. You can purchase them with a credit card at any time of the day, even at 2 AM!

With the latest release, there is nothing additional to do for flex. When you need to purchase Boost, the software will prompt you and you can visit the checkout page. You can see the limits on your system at any time.

You can read more about this in the User Manual.

Open Cyber Triage Incidents in Autopsy

You can now open a Cyber Triage Incident from within Autopsy so that you can do a deeper dive. Previously, you had to export files and re-import them. Autopsy allows you to, for example, perform a full-text search.

Version 3 is when we migrated Cyber Triage to the same database as Autopsy, but they use different configuration files and artifacts. Now, Cyber Triage can create an Autopsy case folder and Autopsy can use the same data that Cyber Triage collected.

This integration is a work in progress and will have incremental improvements. The basic process is:

  • Add the Cyber Triage Importer Module into Autopsy. You can get this module from within Cyber Triage.
  • For each incident, use the Incident-level Report feature to create an Autopsy case.
  • Open that case in Autopsy.

More detailed instructions and screenshots are in the User Guide.

Try It Out

You can download an evaluation copy from this form. If you are already a customer and didn’t receive a link, then send a message to support. 

We will continue to build out features to analyze as many systems as possible and enable you to dive deeper.
