Rapid Endpoint Triage Service

Understand the Threat Following an Alert

You Upload

You run a tool on your computer to upload data to our online lab.

We Analyze

We quickly analyze your data and generate a triage report.

You Decide

You decide how to respond based on the severity of the findings.

You give us data.

We give you answers.

The Answers You Need After an Alert

Attacks often start 11 days before detection.

11
Days

You need to know what happened before an EDR alert:

  • Exfiltration: Was IP or sensitive data stolen?
  • Lateral Movement: Were other hosts involved?
  • Command and Control: Does the attacker have remote access?

Our service gives you all the answers you need in one report.

How it works

You Upload

  • After payment, we will send you the Collector program along with instructions and a video.
  • You will copy the program to the endpoint and launch it. It does not need to be installed.
  • The program automatically collects hundreds of critical forensic artifacts and files.
  • The data is securely uploaded to our servers.
  • See FAQs for more information.

We Analyze

  • Your data is ingested into our automated investigation platform, Cyber Triage, which is used by leading forensic teams around the world.
  • The data is analyzed using 40+ malware scanning engines, sandbox analysis, Yara rules, and dozens of other AI and machine learning-based techniques.
  • An analyst from our team will review the findings to generate a report focused on key questions, such as data exfiltration and lateral movement.

You Decide

  • We will send you a secure link to your report for your review.
  • If purchased, we will meet with you to answer additional questions.
  • You can then have the data needed to decide what to do with this host.

Why Sleuth Kit Labs

The team behind Autopsy, Cyber Triage, and Sleuth Kit Labs has been conducting investigations and building digital forensics tools for over 20 years.

Brian Carrier, CEO

Brian leads the company and has been involved with national security investigations, built leading open source tools, and wrote the popular book, File System Forensic Analysis.

Mike Wilkinson, Head of Services and Training

Mike leads services efforts with knowledge from over two decades of experience conducting digital investigations and helping people recover from cyber security incidents.

Pricing and Delivery

Pricing Fixed price of $2,000 for each endpoint*
Delivery 1 business day target.**

Buy Now

*Additional support post-report is billed at an hourly rate.
**Estimated date subject to change based on workload. An estimate will be provided upon purchase. 

Bulk discounts available for MSSPs and MDRs.

White labeling is possible.

Request Information:


FAQ

We can analyze all versions of Windows. Please let us know if you have Windows XP or Vista and we’ll send you a special version of the Collector.

The computer will need to be powered on to run the Collector. If you cannot turn it back on, then please contact us and we will determine if we can help you.