{
	"id": "b17ecbd5-c614-43ee-8850-4a4623ebcae9",
	"created_at": "2026-04-06T00:17:44.606205Z",
	"updated_at": "2026-04-10T03:23:51.544036Z",
	"deleted_at": null,
	"sha1_hash": "1ba44c12c466d242500c21627bfa93f1d064e49a",
	"title": "Solve Cloud Forensics at Scale",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 864783,
	"plain_text": "Solve Cloud Forensics at Scale\r\nArchived: 2026-04-05 12:43:11 UTC\r\nMulti-cloud investigations are manual and slow, and data disappears fast\r\n1/3rd\r\nof alerts in cloud environments do not get investigated due to lack of information\r\n89%\r\nof organizations suffer damage before containing and investigating incidents\r\nDarktrace's report: \"Organizations require a new approach to handle investigations and response in the cloud\"\r\nIntroducing forensics at the speed of cloud\r\nCloud-native forensics, designed for scale\r\nAutomated data capture across your business\r\nIntegrates with any alert source and deploys via API to enable fast, low-overhead response within existing workflows.\r\nSupport for containers and ephemeral assets\r\nLeverage automation to ensure incident data is captured and preserved before it disappears. Automatically collect key data sources and memory from individual processes for forensic analysis.\r\nParallel collection and processing\r\nCapture more data in less time, resulting in deep forensic insight delivered in minutes, not days.\r\nhttps://www.cadosecurity.com/cado-security-labs-researchers-witness-a-600x-increase-in-p2pinfect-traffic/\r\nPage 1 of 5\n\nFull attack timelines in minutes, not hours\r\nTimelines enriched with context to show exactly what happened, when, and how\r\nEliminate tedious manual work\r\nGet root cause analysis for cloud security alerts without combing through logs or artifacts manually.\r\nAccelerate investigations\r\nA visual timeline links files, commands, and lateral movement.\r\nEnsure response decisions are informed by a complete and accurate picture of the threat.\n\nEmpowers organizations to respond to threats faster\r\nBetter understand risk across complex environments, reduce MTTR, and rapidly deploy with this first-of-its-kind technology\r\nGet immediate insights into malicious activity, saving analysts precious time during event triage. Perform automated triage of acquisitions of endpoint resources to gain deeper context in a shorter period of time.\r\nCross-cloud investigations\r\nInvestigate incidents identified in any cloud environment in a single solution. Findings are unified in one timeline to allow seamless investigation and response.\r\nContainer \u0026 K8s investigations\r\nPerform investigation and response in ephemeral environments, leveraging automation to ensure incident data is captured and preserved before it disappears.\r\nInvestigate key SaaS logs, alongside other sources captured across on-premises and cloud assets, to gain a better understanding of the scope and impact of malicious activity.\r\nCloud detection \u0026 response\r\nMarry threat detection with automated collection and investigation, with critical forensic-level context, to expedite response to cloud threats as soon as malicious activity is detected.\r\nAutomate the collection, processing, analysis, and preservation of evidence so it is accessible to all teams when needed, every time, before it disappears.\n\n“We resolve hundreds of potential incidents in minutes. By assisting analyst investigations, we've been able to drastically increase efficiency by 250%.”\r\nGlobal Gaming Company\r\nHead of Security Operations\r\n“We have a cloud team that takes countless manual steps to capture and process forensic data...I can’t wait to tell them I can do this in just a few clicks!”\r\nFortune 500 US Company\r\nDFIR Team Lead\r\n“The fact that I no longer have to wait 24 hours to start a forensics investigation is game changing.”\r\nTop Cybersecurity Consulting Firm\r\nDFIR Manager\r\nRead the solution brief\r\nDiscover how Darktrace / Forensic Acquisition \u0026 Investigation enables faster and deeper investigations in the cloud\n\nSource: https://www.cadosecurity.com/cado-security-labs-researchers-witness-a-600x-increase-in-p2pinfect-traffic/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.cadosecurity.com/cado-security-labs-researchers-witness-a-600x-increase-in-p2pinfect-traffic/"
	],
	"report_names": [
		"cado-security-labs-researchers-witness-a-600x-increase-in-p2pinfect-traffic"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434664,
	"ts_updated_at": 1775791431,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1ba44c12c466d242500c21627bfa93f1d064e49a.pdf",
		"text": "https://archive.orkl.eu/1ba44c12c466d242500c21627bfa93f1d064e49a.txt",
		"img": "https://archive.orkl.eu/1ba44c12c466d242500c21627bfa93f1d064e49a.jpg"
	}
}