October 16, 2023 — A new application, Forensics, has been officially launched. With Forensics, you can respond to security incidents
and conduct compromise assessments, threat hunting, and monitoring.
Forensics allows you to create workspaces. Within the workspace, you can isolate the
scope of an incident and execute osquery and YARA for quick triage and investigation.
If you require more details about an incident, you can collect evidence. Evidence
Collection gathers the digital evidence and uploads it to the Trend Vision One console.
Forensics offers an evidence viewing and searching function, facilitating advanced
investigations. As you progress through the investigation, you can add notes with
important timestamps or create customized records in timelines. In other words, the
Forensics timeline is your tool for creating a comprehensive attack chain report using
the collected evidence records.
Furthermore, you can use the Evidence Archive section of Forensics to manage all the
evidence collected by Incident Response playbooks. Evidence packages can be added
to the workspaces, used for generating evidence reports, and utilized for investigation
at any time.
For more information, see Forensics.