Learn about the types of evidence supported for collection from both Windows and Linux endpoints.
Forensics supports the collection and examination of evidence from both Windows and Linux endpoints. Evidence is collected by the Incident Response Evidence Collection playbook (Windows only), Collect Evidence task, and Trend Micro Incident Response Toolkit. The collected evidence is displayed in columns in an Evidence Report or can be downloaded as an evidence package.
Evidence collection tools collect different types of evidence depending on the operating system of the endpoint the tools are examining.