Forensics and Analysis

Respond quickly to security incidents and conduct compromise assessments, threat hunting, and monitoring.


This feature is not available in all regions.

The Forensics and Analysis app (XDR Threat Investigation > Forensics and Analysis) allows security teams to collect forensic evidence from endpoints, create workspaces to organize the collected evidence, and conduct security incident investigations.

The following table outlines the sections available in the Forensics and Analysis app.



War Room: Create workspaces to organize the collected evidence and conduct incident investigations.


Collect and manage evidence packages.