Learn about forensics, how to create forensic investigations, how to create and manage data collections, and how to assess other forensic-related settings.
Forensics investigations provide a single location for grouping, tracking, and analyzing all forensic data collections.
It is a one-stop shop that enables you to:
- View any alerts triggered during ingestion of data as part of the investigation.
- Tag relevant evidence for inclusion in the Investigation Timeline.
- Export collected data for long-term retention.
- Set user permissions that can be assigned to investigations, allowing you to restrict access to the Investigation page, including the Investigation Timeline and collection details.
The Forensic Investigation fields show information relating to the investigation.
Fields | Description |
---|---|
Investigation | The name of the investigation. |
Description | Shows the information that describes the investigation. |
Status | Shows the present status of the investigation: |
Evidence collections | Shows the number of completed collections from the total collections. |
New alerts | Shows the total count of alerts for the collection with the status New. You can click the link to open the investigation on the Alerts tab with the filter of status=new. |
Total alerts | Shows the total number of alerts for data collected in the investigation. You can click the link to open the investigation on the Alerts tab. |
Created by | Shows the username of the user who created the investigation. |
Created | Shows the timestamp of when the investigation was created. |