Preservation
Secure and preserve volatile and non-volatile evidence in a forensically sound manner before any remediation actions alter system state. Capture memory dumps, disk images, log snapshots, and network packet captures. Maintain proper chain of custody documentation and ensure evidence admissibility for potential legal proceedings.
Volatile Memory Capture
P1 | Memory Capture | 60 min
Log Preservation and Snapshot
P1 | Log Snapshot | 45 min
Preserve VSS Shadow Copies and Encryption Timing Artifacts
P1 | Ransomware Preservation | 90 min
Preserve Phishing Email Evidence
P1 | Phishing Email Preservation | 45 min
Document Chain of Custody for All Collected Evidence
P2 | Chain of Custody | 30 min
Covert Evidence Capture for Insider Threat
P2 | Insider Evidence Capture | 120 min
Cloud Tenant Configuration Snapshot
P2 | Cloud Tenant Snapshot | 60 min