Case Overview
No case metadata — configure via Case Settings
T1 Initial Access
T2 Execution
T3 Persistence
T4 Priv Esc
T5 Def Evasion
T6 Cred Access
T7 Lateral Move
T8 Collection
T9 Exfiltration
T10 Impact
Critical Findings
0
Require immediate action
Total Events
0
Across all sources
IOCs Extracted
0
IPs, hashes, domains
Sources Loaded
0
of 4 source categories
Loaded Data Sources
Windows
—
No data
Network
—
No data
Linux/Mac
—
No data
EDR
—
No data
Investigation Progress
Windows Artefacts 0%
Network Logs 0%
Linux/Mac Artefacts 0%
EDR Telemetry 0%
Ransomware Indicator Checklist
Shadow Copy / VSS Deletion
Awaiting data
LSASS Memory Access
Awaiting data
Security Log Cleared (1102/104)
Awaiting data
Mass File Rename / Encryption
Awaiting data
Ransom Note Dropped
Awaiting data
C2 Beacon Pattern Detected
Awaiting data
Lateral SMB (WS-to-WS on 445)
Awaiting data
DCSync / Kerberoasting
Awaiting data
Recent Critical Findings
No data ingested yet
Import log files and artefacts via Data Ingest to begin analysis
Data Ingest
Import log files and forensic artefacts for analysis
Files Loaded
0
Total uploaded
Parsed
0
Successfully processed
Total Records
0
Events extracted
Errors
0
Parse failures
Windows Host Artefacts
EVTX Export CSV
Hayabusa JSON
Chainsaw JSON
Sysmon CSV
PECmd CSV
MFTECmd CSV
AmCache CSV
Network & Perimeter Logs
Firewall CSV/Syslog
Zeek logs (TSV)
DNS Logs
Proxy CSV
NetFlow CSV
Suricata EVE JSON
PCAP (Zeek extract)
Linux / macOS Host Artefacts
auth.log / secure
syslog
audit.log
bash_history
macOS Unified Log CSV
cron entries
journald export
EDR Telemetry Exports
MDE Advanced Hunting CSV
CrowdStrike FDR CSV
SentinelOne Deep Visibility
Cortex XDR JSON
Carbon Black CSV
Unified Timeline
All events merged and sorted by UTC timestamp
All
T1 Exec
T2 Persist
T3 Inject
T4 Evasion
T5 CredDump
T6 Lateral
T7 Collect
T8 Impact
No data parsed yet
Parse log files via Data Ingest to populate the timeline
Windows Host Analysis
Event logs · Prefetch · Registry persistence · Execution artefacts
Critical Events
0
High-priority detections
Unique Hosts
0
Distinct hostnames seen
Unique Accounts
0
Usernames observed
Total Win Events
0
Parsed Windows records
Linux / macOS Host Analysis
Auth logs · Cron · Bash history · Persistence
Critical Events
0
Auth Failures
0
Sudo Commands
0
Total Events
0
EDR Telemetry
Process events · Alerts · Behavioural detections
Critical Alerts
0
Process Events
0
Network Events
0
Total EDR Events
0
Network & Perimeter Analysis
Firewall · DNS · Proxy · C2 detection
C2 Indicators
0
DNS Suspicious
0
Unique Ext IPs
0
Total Net Events
0
IOC Registry
Auto-extracted indicators across all ingested sources
No IOCs extracted yet
IOCs will auto-populate from ingested data in Phase 2
MITRE ATT&CK Heatmap
Techniques detected across all ingested sources — Ransomware profile pre-seeded
Parse data to populate ATT&CK heatmap
Detected techniques will highlight automatically
Report Export
Auto-generated incident report from all analysis findings
TLP:RED — RESTRICTED
Ransomware Incident Analysis Report
1. Executive Summary
No data ingested yet — parse log files to auto-generate this section.
2. Timeline of Events
Timeline will be populated from parsed data.
3. TTPs Observed
No techniques detected yet.
4. Indicators of Compromise
No IOCs extracted yet.
5. Recommendations
Parse data to generate recommendations.