Search, filter, and organize all the digital evidence collected from endpoints.
The following table outlines the actions available in the Evidence Report screen.
| Action | Description |
|---|---|
| Filter evidence | Locate key pieces of evidence by using the evidence categories, search field, and the Package menu. The Package list only displays evidence packages collected from the endpoint added to the workspace. |
| View high-risk elements | The Highlights section of the evidence report displays all the high-risk pieces of evidence found in the collected evidence. Forensics uses the Trend Micro threat intelligence service to classify elements as high-risk. You can use the Highlights section as a starting point for your investigations. |
| Add evidence to timeline | Add key evidence to your workspace timeline to gain insights into the context of an incident. Select one or more pieces of evidence, click Add Selected to Timeline, select a timestamp type, and click Create. |
| View execution context | The Execution Context panel lets you see all the events that happened before and after the execution of a program. Right-click a piece of evidence, then click View Execution Context to see the execution context of a specific element. |
| View related threat intelligence from VirusTotal | Threat intelligence from VirusTotal facilitates thorough investigation of possible threats in your environment. Right-click URLs, domains, IPs, or file SHA-1 hashes and select VirusTotal to check the related element information from VirusTotal. |