This document describes Azure Forensics & Incident Response which allows users to preserve intrusion evidence without impacting production systems through easy data collection from cloud, containers, and on-premises systems. It uses a patent-pending cloud-based architecture to provide quick automated data processing that is fast, efficient, and effective. This gives users complete visibility and context through seamless investigation of host, log, and memory data sources to identify the root cause using another patent-pending analytics engine.

1. Azure Forensics &
Incident Response

2. Preserve Intrusion Evidence
Zero-impact to
production systems
Easy data collection from anywhere:
✓ Cloud
✓ Containers
✓ On-prem systems

3. Investigate at Cloud Speed
Quick automated data processing:
✓ Fast
✓ Efficient
✓ Effective
Patent-pending
cloud-based architecture

4. Understand the Full Picture
Complete
visibility and context
Seamless investigation of
multiple data sources:
✓ Host
✓ Logs
✓ Memory

5. Identify Root Cause
Patent-pending
analytics engine
Powerful analytics that saves:
✓ Time
✓ Resources
✓ Money

6. Cado Use Cases
● Conduct forensics
investigations across
complex & expansive cloud
environments
● Investigate cloud incidents
that span multiple cloud
platforms, regions, systems,
and accounts with ease
● Capture incident data
before it’s gone across
virtualization technologies
that continuously grow,
shrink and recycle data
● Process and investigate
container environments and
auto scaling groups
● Ensure optimal security
even where an agent-based
detection solution can’t be
deployed
● Conduct threat hunts
across high-availability
production systems with
zero impact
Cloud Forensics Container Forensics Cloud Threat Hunting

7. Know Your Cloud
with Cado.
www.cadosecurity.com