Cloud Incident Response Blog | Cado Security

What’s New in the Cado Platform: Q3 Recap

Written by Calum Hall | Feb 6, 2025 12:00:00 PM

The latest updates to the Cado Platform throughout Q3 have brought even more flexibility, automation, and efficiency to cloud forensics and incident response. From enhanced host acquisition options to an improved investigation experience, these updates empower security teams to act faster and with greater confidence.

Here’s What’s New in Q4:

Enhanced Cado Host Acquisition Options

Custom Collection: Choose the Artifacts That Matter Most

With the new ‘Enable Custom Collection’ feature, users can define exactly which groups of artifacts they want to collect during host acquisitions. This granular control helps tailor acquisitions to specific investigations, reducing unnecessary data collection and expediting forensic analysis.

The wide variety of artifact groups the Cado platform now has available to narrow your search.

‘Max Mode’: Capture the Full Picture

For those who need comprehensive evidence collection, ‘Max Mode’ enables the acquisition of a much broader set of artifacts, ensuring that no critical forensic data is missed.

When Max Mode is enabled in the Cado Platform, a warning is displayed that it will generate a large fileset and take longer than a normal collection.

Account Checks: Validate Permissions Across Cloud, XDR, and SaaS

Managing permissions across multiple cloud and security platforms can be challenging. The new Account Checks feature (Settings > Cloud) allows users to verify whether the correct permissions are in place for cloud, XDR, and SaaS accounts—reducing misconfigurations and ensuring seamless evidence collection.

Acquire-Only Mode: Preserve Evidence for Later Analysis

The Acquire-Only option allows users to collect evidence without immediate processing. This is especially useful for:

  • Acquiring evidence with Cado while analyzing it with another tool.
  • Preserving evidence for future processing, allowing teams to defer analysis until needed.

Automated Full Disk Acquisition in Response to GuardDuty Alerts

Security teams can now automate full disk acquisitions when AWS GuardDuty alerts are triggered. This ensures rapid evidence preservation in response to potential threats, reducing manual effort and improving incident response efficiency.
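The alert-to-acquisition flow described above, shown here as an added example that is not Cado's own code: a handler receives an AWS GuardDuty finding as an EventBridge event, decides whether it concerns an EC2 instance above a severity threshold, and preserves every attached EBS volume as a tagged snapshot so the evidence is traceable to the finding. The event shape follows the public GuardDuty finding format; the handler signature, the `FakeEC2` stand-in, the severity threshold and the sample identifiers are assumptions constructed for this illustration.

```python
"""Added example (not Cado's code): preserve an EC2 instance's disks as EBS
snapshots when a GuardDuty finding arrives via EventBridge.

Assumptions (not from the page): the event has detail-type "GuardDuty Finding";
snapshots are created with boto3, imported lazily so the parsing logic runs
offline; FakeEC2 is a constructed stand-in for the real client.
"""
from dataclasses import dataclass

# Constructed sample event, trimmed to the fields the handler reads.
SAMPLE_EVENT = {
    "detail-type": "GuardDuty Finding",
    "region": "us-east-1",
    "detail": {
        "id": "EXAMPLE-FINDING-ID",
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "severity": 5.0,
        "resource": {
            "resourceType": "Instance",
            "instanceDetails": {"instanceId": "i-0123456789abcdef0"},
        },
    },
}


@dataclass
class AcquisitionRequest:
    finding_id: str
    finding_type: str
    severity: float
    instance_id: str
    region: str


def parse_finding(event: dict, min_severity: float = 4.0):
    """Return an AcquisitionRequest for EC2 findings at or above min_severity,
    or None when the event should be ignored (wrong type, no instance, low
    severity, missing instance id)."""
    if event.get("detail-type") != "GuardDuty Finding":
        return None
    detail = event.get("detail", {})
    resource = detail.get("resource", {})
    if resource.get("resourceType") != "Instance":
        return None  # only EC2-backed findings have disks to acquire
    severity = float(detail.get("severity", 0))
    if severity < min_severity:
        return None
    instance_id = resource.get("instanceDetails", {}).get("instanceId")
    if not instance_id:
        return None
    return AcquisitionRequest(detail["id"], detail.get("type", "unknown"),
                              severity, instance_id, event.get("region", ""))


def evidence_tags(req: AcquisitionRequest):
    """Tags recorded on every snapshot so the evidence stays tied to the alert."""
    return [
        {"Key": "Purpose", "Value": "forensic-acquisition"},
        {"Key": "GuardDutyFindingId", "Value": req.finding_id},
        {"Key": "GuardDutyFindingType", "Value": req.finding_type},
        {"Key": "SourceInstanceId", "Value": req.instance_id},
    ]


def snapshot_instance_volumes(req: AcquisitionRequest, ec2=None):
    """Snapshot each EBS volume attached to the instance; return snapshot ids.
    `ec2` can be injected (e.g. FakeEC2) so the logic runs without AWS access."""
    if ec2 is None:
        import boto3  # lazy import: only needed when talking to real AWS
        ec2 = boto3.client("ec2", region_name=req.region)
    resp = ec2.describe_instances(InstanceIds=[req.instance_id])
    snapshot_ids = []
    for reservation in resp["Reservations"]:
        for inst in reservation["Instances"]:
            for mapping in inst.get("BlockDeviceMappings", []):
                volume_id = mapping.get("Ebs", {}).get("VolumeId")
                if not volume_id:
                    continue  # instance-store devices have no EBS volume
                snap = ec2.create_snapshot(
                    VolumeId=volume_id,
                    Description=f"Forensic capture for GuardDuty finding {req.finding_id}",
                    TagSpecifications=[{"ResourceType": "snapshot",
                                        "Tags": evidence_tags(req)}],
                )
                snapshot_ids.append(snap["SnapshotId"])
    return snapshot_ids


def handler(event: dict, context=None, ec2=None):
    """Lambda-style entry point: acquire disks or report that nothing was done."""
    req = parse_finding(event)
    if req is None:
        return {"acquired": False, "snapshots": []}
    return {"acquired": True, "finding_id": req.finding_id,
            "snapshots": snapshot_instance_volumes(req, ec2)}


class FakeEC2:
    """Constructed offline stand-in for the boto3 EC2 client (demo/test only)."""
    def __init__(self, volumes=("vol-aaa", "vol-bbb")):
        self.volumes = list(volumes)
        self.created = []  # (volume_id, snapshot_id, tags)

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [{
            "InstanceId": InstanceIds[0],
            "BlockDeviceMappings": [{"Ebs": {"VolumeId": v}} for v in self.volumes]}]}]}

    def create_snapshot(self, VolumeId, Description, TagSpecifications):
        snap_id = f"snap-{len(self.created) + 1:08d}"
        self.created.append((VolumeId, snap_id, TagSpecifications[0]["Tags"]))
        return {"SnapshotId": snap_id}


if __name__ == "__main__":
    print(handler(SAMPLE_EVENT, ec2=FakeEC2()))
```

The severity gate and the tag set are the two knobs a team would tune: the threshold keeps low-severity noise from producing snapshot volume, and the finding-id tag is what later lets an analyst (or a processing tool) match a snapshot back to the alert that caused it.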

JIT Access: Temporary Credentials for Secure Acquisitions

The Just-in-Time (JIT) access feature enables users to perform acquisitions using temporary credentials generated by third-party tools such as HashiCorp Vault. This provides an extra layer of security while improving flexibility in how credentials are managed.

New Overview Page: A Clearer View of Malicious Activity

A redesigned Overview Page introduces enhanced visualizations, allowing security teams to quickly assess malicious and suspicious activity on a timeline. This streamlined interface makes it easier to identify patterns and key events in an investigation.

Automated Investigation Relevance Filtering

The new ‘Relevance’ filter enhances Automated Investigations, allowing users to quickly narrow down timeline events based on their importance to an investigation. This significantly reduces noise and helps teams focus on the most critical forensic data.

The New Relevance filter in action. 

Simplified Deployment: Single VM Support for AWS, Azure, and GCP

Cado now supports a simplified single-VM deployment model that works across all major cloud providers—AWS, Azure, and GCP. This makes it easier than ever to deploy and manage Cado in multi-cloud environments.

Get Started with the Latest Features

These updates continue to make the Cado Platform faster, more flexible, and more efficient. Want to see them in action? Contact our team to book a demo.