Live Computer Capture and Triage Tool (CCTT)



A system for executing a cyber investigation by a non-expert user, including a computer having a processor, a memory, and a display; a computer-readable medium having stored thereon instructions for execution of a wizard application, the processor adapted to execute the instructions when the computer-readable medium is inserted into the computer, the processor programmed to: receive case information; receive a type of activity being investigated in response to user inputs to select the activity type from a list of possible activity types; guide the user through capturing data related to the selected activity type through steps presented to the user through one or more screens shown in the display, the steps presented such that a non-expert user can follow them; receive user inputs through a screens to obtain information needed to continue capturing the data related to the selected activity; and store the captured data in a removable data storage device or medium for analysis and use in the cyber investigation.