Darktrace Launches Automated Cloud Forensics Solution

Darktrace, a global provider of AI for cybersecurity, has launched Darktrace/Forensic Acquisition & Investigation, an automated cloud forensics solution that’s designed to give security teams immediate access to forensic-level data, equipping them with context to investigate threats quickly across hybrid, multi-cloud and on-premises environments.

The solution captures and analyzes host-level evidence—including disk, memory and logs—the moment a threat is detected, even from short-lived assets such as containers or serverless workloads. These investigations can be triggered by Darktrace or by detections from existing cloud security tools, the company said.

Unlike point solutions that depend on manual snapshots or agents, Darktrace collects evidence directly through cloud APIs, so that investigations begin instantly and critical data from ephemeral workloads, including AWS, ECS, Kubernetes and distro-less or no-shell containers, is preserved. “By preserving volatile data and reconstructing attacker behavior in real time, the solution adds critical context to everyday investigations, enabling security teams to understand root causes quickly and shorten investigation times from days to mere minutes,” officials said.

The solution offers flexible SaaS or on-premises deployment and integrates with existing SIEM, XDR, CNAPP, EDR, NDR and cloud-native tools, so that any alert can trigger immediate forensic capture and investigation, the company said.

Darktrace/Forensic Acquisition & Investigation can be deployed as a standalone product or integrated across the Darktrace ActiveAI Security Platform for end-to-end investigations and response across an organization’s entire digital estate. “It is particularly powerful when paired with Darktrace/CLOUD, where the two solutions bring together real-time cloud detection and response and forensic-level investigation in a single workflow,” officials said.

Darktrace/CLOUD offers autonomous detection and response in which self-learning AI continuously monitors cloud environments to spot known and novel threats and automatically contain them. In addition, dynamic cloud visibility includes live mapping of assets, services and architectures to reveal blind spots, track attacker movement and provide real-time context. It also features automated posture checks and attack path modeling that can surface misconfigurations and exposures before attackers can exploit them, the company said.

“Cloud adoption has unlocked extraordinary opportunities for innovation but has also created new challenges and blind spots for security teams,” said Connie Stride, SVP of product for Darktrace. “By bringing pioneering forensic technology into the Darktrace platform, we’ve combined industry-leading cloud detection, autonomous response and automated forensics in one place. This transforms how organizations can defend the cloud, delivering forensic-level clarity in minutes, ensuring access to essential data before it disappears, and empowering every security team to respond decisively against modern cloud threats.”