Respond quickly to security incidents, conduct compromise assessments, threat hunting and monitoring.


This feature is not available in all regions.

Forensics (XDR Threat Investigation > Forensics) allows you to conduct security investigations. From the Trend Vision One console, you can gather digital evidence from endpoints, organize collected data within workspaces, and quickly triage endpoints using YARA and osquery.

The following table outlines the sections available in Forensics.



War Room

Create, modify or delete workspaces to organize the collected evidence and conduct incident investigations.


Collect and manage digital evidence packages from the endpoints in your environment.

Task list

Monitor the status of tasks generated within the Forensics app, such as evidence collection.