11. Upgrading Installations

11.1. General Concepts

When upgrading an existing installation of Cyber Triage, there are a few concepts to keep in mind. One major exception is when upgrading from version 2 to 3, which had a major database upgrade. Refer to Upgrading from v2 to v3 for more details.

For all other upgrades:

  • The new version will install alongside your existing one. They will go into different “Program Files” folders.

  • You will be able to open your previous incidents.

  • The database schema of an older incident may get updated when it is opened, but you will still be able to open with an older version of Cyber Triage. Our upgrades are backward compatible.

  • If you start to add hosts and do analysis with a newer version, then you may not be able to see the results with an older version. We recommend that you only use a single version of Cyber Triage at a time.

11.2. Upgrading from v2 to v3

Version 3 of Cyber Triage® introduced a new backend database type and schema. This is a backward incompatible change and this section outlines how to make the upgrade and what is retained.

Here are some key concepts:

  • You will not be able to access data in Cyber Triage® version 3 (v3) that was created in Cyber Triage® version 2 (v2).

  • No v2 data is deleted, it is just not in the v3 database.

  • You can install v3 alongside v2, but only one version can be run at a time. This will allow you to access old data.

  • Your basic configuration settings from v2 will be used by v3.

  • The collection tool schema changed. The Cyber Triage® v3 UI cannot import v2 collection tool data.

11.2.1. Standard

If you have Cyber Triage® Standard, then you can simply install Cyber Triage® 3 and start using it with no other configuration changes.

11.2.2. Team

You have a couple of decisions to make when using the new Team version:

  1. Retaining Access to v2 Data: If you want clients to be able to access older data, then you should get a new host for the v3 Cyber Triage® Server. If you do not need access, then you can stop the v2 Cyber Triage® Server and start v3 instead.

  2. Database Type: With v3, you have a choice of SQLite or PostgreSQL. Choosing between them is outlined in Configuring a Team Environment.

  3. If you have configured CT team server to run as a service, you will need to follow Configuring the Server to Run as a Service to remove the service and reinstall the new version’s service.

For each client, you’ll need to:

  • Configure them to use the new Server Password.

  • Change the server address if you have a new host for the v3 Server.