- Customers have to turn on the "Remote Support" setting for approving Trend IR Service Team to work on the incident case.
- Forensics Workspaces are only active for 30 days from its created date (The investigation is closed after 30 days). Although the workspace's OSQuery, Yara Scan and Timeline result could be reviewed afterwards (accessible for 180 days until the workspace expires), the Evidence Report of Forensics Workspace would not be available after 30 days. Forensics App users could re-create a new workspace and re-import the same Evidence package (expires after 360 days when evidence was collected) from Evidence Archive View.
- If you prefer to extend the current Workspace in active status for working on Evidence Report during incident investigation, you could contact Trend Micro Support Team to prolong the Investigation on Evidence Report. Forensics Workspace will have your Evidence available for Search and Timeline editing by adding evidence record to Timeline.
Views:
Keywords: forensics workspace requirement, forensics workspace info guidelines