Enterprise-wide Forensic Analysis

TimeMachine is an enterprise remote forensic platform focused on forensic analysis and acquisition. By lowering the effort of forensic analysis on each system, we can use TimeMachine to perform enterprise-wide triaging and analysis procedures.

TimeMachine now also supports Linux and Mac OS X clients.

Image Hosts Remotely

Copy Memory and Drives.

Get a memory and drive image remotely and optionally upload it centrally for offline analysis. All of this works over the internet, making it possible to analyze devices outside the local network.

Remote analysis and Retrieval

Indicators of Compromise.

After a compromise has been detected, easily look for artifacts simultaneously across all hosts. Even remote hosts that are offline will perform the requested actions as soon as they come online.

Automatic Anomaly detection

Which Hosts Stand Out.

Automatically detect which hosts deviate from the standard and flag them for further analysis. For example, registry or startup entries that are unusual compared to other hosts on the LAN would be flagged.

Timeline Creation

What time and what order.

Easily create a super timeline of the artifacts found on suspect hosts and supported network equipment, which forensic analyst teams can then analyze.