1.3. Overview of Collection Methods¶
Cyber Triage is very flexible with now to collect and import data, which can also make it overwhelming.
This section will help you decide which approach to use.
We will use the following decision tree:
Special notes about the questions in this decision tree:
Is the target computer still running? If not, you need to have either already collected from it or will need to somehow get data from it (bootable USB, remove drive, etc.).
Can the target connect to Cyber Triage? If it can, it can send data directly to Cyber Triage over port 443.
Each box directs to you to an approach.
If it refers to integrating with an EDR or SOAR, refer to Integrations.
If it refers to launching the Collector, refer to The Cyber Triage Collector Tool.
Otherwise, refer to the “Add Host” methods in Adding a Host.