Search, filter, and organize all the digital evidence collected from endpoints.
The following table outlines the actions available in the Evidence Report screen.
| Action | Description |
| --- | --- |
| Filter evidence | Locate key pieces of evidence by using the evidence categories, search field, and the Package menu. |
| View high-risk elements | The Highlights section of the evidence report displays all the high-risk pieces of evidence found in the collected evidence. |
| Add evidence to timeline | Add key evidence to your workspace timeline to gain insights into the context of an incident. Select one or more pieces of evidence, click Add Selected to Timeline, select a timestamp type, and click Create. |
| View execution context | The Execution Context panel lets you see all the events that happened before and after the execution of a program. Right-click a piece of evidence, then click View Execution Context to see the execution context of a specific element. |
| View related threat intelligence from VirusTotal | Threat intelligence from VirusTotal facilitates thorough investigation of possible threats in your environment. Right-click a URL, domain, IP, or file SHA-1 hash and select VirusTotal to check the related element information from VirusTotal. |