Collection

Systematically gather artifacts, telemetry, and forensic evidence from endpoints, servers, cloud services, network devices, and security tooling. Aggregate logs from SIEM, EDR, identity providers, email gateways, and proxy infrastructure to build a comprehensive dataset for timeline reconstruction and root cause analysis.
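An added example (not part of the original page) of the aggregation step: records from three sources with different timestamp conventions are normalized to UTC, hashed for later integrity checks, and merged into one timeline. The source names, field layouts and sample lines are constructed assumptions, not any product's real export format.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample records; layouts are assumptions for illustration only.
EDR = ['{"ts": 1714558325, "host": "ws-042", "event": "process_start"}']
IDP = ['2024-05-01T12:11:40+02:00 user=alice action=login result=success']
PROXY = ['01/May/2024:10:12:30 +0000 ws-042 GET http://example.invalid/a.bin 200']

def parse_edr(line):
    # Hypothetical EDR export: JSON with a Unix epoch timestamp (already UTC).
    rec = json.loads(line)
    return datetime.fromtimestamp(rec["ts"], tz=timezone.utc), rec["event"]

def parse_idp(line):
    # Hypothetical IdP log: ISO 8601 local time with an explicit offset.
    stamp, rest = line.split(" ", 1)
    return datetime.fromisoformat(stamp).astimezone(timezone.utc), rest

def parse_proxy(line):
    # Hypothetical proxy log: access-log style date followed by a zone offset.
    date, zone, rest = line.split(" ", 2)
    when = datetime.strptime(date + " " + zone, "%d/%b/%Y:%H:%M:%S %z")
    return when.astimezone(timezone.utc), rest

SOURCES = {"edr": (EDR, parse_edr), "idp": (IDP, parse_idp),
           "proxy": (PROXY, parse_proxy)}

def build_timeline(sources=SOURCES):
    """Merge all sources into one list ordered by true (UTC) event time."""
    rows = []
    for name, (lines, parser) in sources.items():
        for raw in lines:
            when, summary = parser(raw)
            rows.append((when, {
                "utc": when.isoformat(),
                "source": name,
                "summary": summary,
                # Hash of the untouched raw record, so the original evidence
                # can be re-verified against the normalized timeline later.
                "sha256": hashlib.sha256(raw.encode()).hexdigest(),
            }))
    # Sort on the datetime object, not the wall-clock text: the IdP line
    # reads 12:11 locally but is the earliest event once converted to UTC.
    return [row for _, row in sorted(rows, key=lambda pair: pair[0])]

if __name__ == "__main__":
    for row in build_timeline():
        print(row["utc"], row["source"], row["summary"], row["sha256"][:12])
```
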