12. Upgrading Installations

12.1. General Concepts

When upgrading an existing installation of Cyber Triage, there are a few concepts to keep in mind:

  • The new version will install alongside your existing one. They will go into different “Program Files” folders.

  • You should update your AV and EDR providers with the hash values of the new collector. You can find those in the History.

  • If you are running a Team cluster, remember to:
    • Update the Server service to point to the new folder. Instructions can be found in Upgrading Application Versions.

    • Update the clients to the new version. They should not need any further configuration. Their settings will transfer from the previous version.
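Because the old and new versions sit side by side, it is easy to hash the wrong collector before updating AV and EDR allowlists. The following is an added example, not part of Cyber Triage or its documentation: it hashes the executables in each install folder and compares them with the values copied from the History. SHA-256, the folder names, and the `collector.exe` file name are assumptions used for illustration, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so large binaries are never fully loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def classify_collectors(install_dirs, published_hashes, pattern="*.exe"):
    """Compare executables under each install folder with published hashes.

    allowlist : (path, hash) pairs that match a published value
    unverified: (path, hash) pairs that do not (old version or altered file)
    missing   : published hashes that no scanned file produced
    """
    published = {h.strip().lower() for h in published_hashes}
    report = {"allowlist": [], "unverified": [], "missing": []}
    seen = set()
    for folder in install_dirs:
        for path in sorted(Path(folder).rglob(pattern)):
            if not path.is_file():
                continue
            file_hash = sha256_file(path)
            seen.add(file_hash)
            bucket = "allowlist" if file_hash in published else "unverified"
            report[bucket].append((str(path), file_hash))
    report["missing"] = sorted(published - seen)
    return report

def demo():
    """Constructed sample: two side-by-side install folders with stand-in files."""
    with tempfile.TemporaryDirectory() as root:
        old_dir, new_dir = Path(root, "old-version"), Path(root, "new-version")
        old_dir.mkdir()
        new_dir.mkdir()
        # Hypothetical file name; the byte strings stand in for real binaries.
        (old_dir / "collector.exe").write_bytes(b"constructed old collector")
        (new_dir / "collector.exe").write_bytes(b"constructed new collector")
        # Stands in for the value copied from the release History.
        published = [hashlib.sha256(b"constructed new collector").hexdigest().upper()]
        return classify_collectors([old_dir, new_dir], published)

if __name__ == "__main__":
    for bucket, entries in demo().items():
        print(bucket, entries)
```

Only entries under `allowlist` should be submitted to the AV or EDR provider; a non-empty `missing` list means the folder scanned does not contain the published build.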

With respect to backward compatibility:

  • You will be able to open your previous incidents.

  • The database schema of an older incident may get updated when it is opened, but you will still be able to open it with an older version of Cyber Triage. Our upgrades are backward compatible.

  • If you start to add hosts and do analysis with a newer version, then you may not be able to see the results with an older version. We recommend that you only use a single version of Cyber Triage at a time.

The upgrade from v2 to v3 was more substantial because it changed database types. Refer to Upgrading from v2 to v3 for details.

12.2. Upgrading from v2 to v3

Version 3 of Cyber Triage® introduced a new backend database type and schema. This is a backward-incompatible change, and this section outlines how to make the upgrade and what is retained.

Here are some key concepts:

  • You will not be able to access data in Cyber Triage® version 3 (v3) that was created in Cyber Triage® version 2 (v2).

  • No v2 data is deleted; it is just not in the v3 database.

  • You can install v3 alongside v2, but only one version can be run at a time. This will allow you to access old data.

  • Your basic configuration settings from v2 will be used by v3.

  • The collection tool schema changed. The Cyber Triage® v3 UI cannot import v2 collection tool data.

12.2.1. Standard

If you have Cyber Triage® Standard, then you can simply install Cyber Triage® 3 and start using it with no other configuration changes.

12.2.2. Team

You have a couple of decisions to make when using the new Team version:

  1. Retaining Access to v2 Data: If you want clients to be able to access older data, then you should get a new host for the v3 Cyber Triage® Server. If you do not need access, then you can stop the v2 Cyber Triage® Server and start v3 instead.

  2. Database Type: With v3, you have a choice of SQLite or PostgreSQL. Choosing between them is outlined in Configuring a Team Environment.

  3. If you have configured the Cyber Triage® Team Server to run as a service, you will need to follow Configuring the Server to Run as a Service to remove the service and reinstall the new version’s service.

For each client, you’ll need to:

  • Configure them to use the new Server Password.

  • Change the server address if you have a new host for the v3 Server.