Learn how to create a forensics investigation. This includes adding a collection, exporting the data collection, managing alerts and key assets & artifacts.
Create a forensics investigation that includes all the relevant forensics data. This includes adding collections (hunts and triages), exporting the data collections, managing alerts and evaluating key assets & artifacts.
Select
→ → → .Click New Investigation.
In the Create New Investigation wizard, enter a name and description (optional) for the investigation.
In the Permissions table, select the users to whom you want to grant access to the investigation data.
Note
To set up user permissions, you must have Scope-Based Access Control (SBAC) enabled.
Refer to User permissions for detailed information on permissions.
Click Save to save the investigation in the Forensic Investigations table or click Save & Start A Collection to start the process of adding collections.
The investigation is saved to the Forensic investigations table.
Click UTC Timezone to configure the timezone and timestamp format. Refer to Configure server settings for information on setting up your timezone.