Comodo Forensic Analysis Results
The scan results of both the Comodo Forensic Analysis tool and the Valkyrie analysis are displayed in the CFA's main display area. Results are provided for each computer that the CFA tool has scanned, including the name of the computer and the names of its detected files.
Administrators can view infected files, malicious files, files that are in analysis and unknown files in the CFA interface.
- Click the plus symbol beside each endpoint to expand it and view the details of the files detected on it, such as the number of endpoints scanned, the file name and so on.
Searching, sorting and filtering Options
Searching Option
- To search for a particular endpoint, enter its name or IP address, partially or fully, in the 'Search' box at the top right. The items that match the search criteria will be displayed.
- To display all the endpoints again, clear the search box.
Sorting Option
- Click on the 'Name' column header to sort the endpoints in ascending/descending order
- To sort the files in ascending/descending order by name or size, expand the endpoints to display the detected files and click the 'Name' or 'Size' column header
Filtering Option
- Click the funnel icon at the end of 'Name' column
- Select the filter criteria from the options
  - In Progress - Displays the endpoints in which the scanning is in progress
  - Canceled - Displays the endpoints for which the scanning was canceled
  - Completed - Displays the endpoints for which the scanning was completed
  - Failed - Displays the endpoints for which the scanning failed
  - Offline - Displays the endpoints that have gone offline during the scanning process
- If the filter icon is blue, it indicates that filter(s) are applied
- To display all the endpoints again, click 'Clear Filter'
Valkyrie Analysis Results
Valkyrie is a cloud-based file analysis system that is completely different from the conventional signature-based malware detection technique. The automatically uploaded files are analyzed both dynamically and statically. Dynamic analysis covers the file's run-time behavior; static analysis examines binary properties extracted from the file, such as its sections, entropy, packer type and many more. Any deviation from the expected values of these features provides a clue about the nature of the file.
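The static features named above can be illustrated with per-section entropy. The following is an added example, not Comodo's or Valkyrie's code: it reads the section table of a PE image and reports sections whose byte entropy exceeds a threshold. The 7.0 bits-per-byte threshold, the function names and the sample image (constructed inline, headers only, not a loadable executable) are assumptions.

```python
import math
import struct
from collections import Counter

HIGH_ENTROPY = 7.0  # assumed cut-off in bits/byte; packed or encrypted data nears 8.0

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(image: bytes):
    """Yield (name, raw bytes) for every entry in the PE section table."""
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)            # e_lfanew
    if image[:2] != b"MZ" or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    (count,) = struct.unpack_from("<H", image, pe_off + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)   # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    for i in range(count):
        hdr = table + 40 * i                                     # 40-byte section header
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)
        yield name, image[raw_ptr:raw_ptr + raw_size]

def high_entropy_sections(image: bytes, threshold: float = HIGH_ENTROPY):
    """Return [(section name, entropy)] for sections above the threshold."""
    scored = ((name, shannon_entropy(raw)) for name, raw in pe_sections(image))
    return [(name, round(h, 2)) for name, h in scored if h > threshold]

def build_sample_pe(sections):
    """Constructed input: bare PE headers around the given (name, bytes) sections."""
    pe_off = 0x40
    raw_ptr = pe_off + 24 + 40 * len(sections)  # no optional header in this sample
    image = b"MZ" + b"\0" * 0x3A + struct.pack("<I", pe_off)
    image += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    body = b""
    for name, raw in sections:
        image += struct.pack("<8sIIII16x", name.encode(), len(raw), 0x1000,
                             len(raw), raw_ptr + len(body))
        body += raw
    return image + body

# Constructed sections: repetitive code-like bytes versus a uniform byte spread.
SAMPLE = build_sample_pe([(".text", b"\x55\x8b\xec\x90" * 512),
                          (".blob", bytes(range(256)) * 8)])

print("flagged:", high_entropy_sections(SAMPLE))
```

High entropy alone is not a verdict: compressed resources and installers also score near 8.0, so it is one feature to weigh alongside the others.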
The CFA tool displays the results for files analyzed by both Forensic Analysis and Valkyrie.
To view the scan results in Valkyrie, click the 'Detailed Scan results' button. The results, including the number of malware and unknown files, will open in the Comodo Valkyrie application.
The results display details such as the name of the file, its path, the scanning verdict and more. Refer to the section 'Valkyrie Analysis Results' for more details.