Learn about the types of evidence supported for collection from both Windows and Linux endpoints.

Forensics supports the collection and examination of evidence from both Windows and Linux endpoints. Evidence is collected by the Incident Response Evidence Collection playbook (Windows only), the Collect Evidence task, and the Trend Micro Incident Response Toolkit. The collected evidence is displayed in columns in an Evidence Report or can be downloaded as an evidence package.
The types of evidence that the collection tools gather depend on the operating system of the endpoint being examined.