Brian Carrier has already written about the goal of triage and the considerations to weigh when looking at tools. The first part focuses on tools and what to consider when picking them. Brian Carrier has taken the IT and security needs of teams into account in building incident response capacity, since many of the tools are fairly manual and are used by experienced users. Brian covers how to analyze the data collected by these tools in his work.
In the second part, the author came to the conclusion that host triage is a big problem that is best approached as a set of smaller problems. Brian Carrier is looking for ways to optimize. If you have comments, you can tell him about them. If you want to try the eval version of Cyber Triage before then, fill out the form.
Intro to IR Triage (Part 1): Buyer’s Guide
Intro to IR Triage (Part 2): Analysis Categories