Tripwire Enterprise Now Collects Digital Forensic Data to Support Incident Response

PORTLAND, Ore. – November 14, 2018 – Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced that Tripwire® Enterprise now features the ability to collect digital forensic data in the event of a data breach.

"Tripwire Enterprise monitors systems in real-time for changes that could be indicative of a breach," said Tim Erlin, vice president of product management and strategy at Tripwire. "When a security breach is suspected, Tripwire Enterprise's new Incident Response Rules can be used to collect in-depth data on what happened on a system to speed and support incident response."

Tripwire Enterprise delivers forensic data from Windows-based systems, covering file, network, process, USB, and user artifacts. In each area, Tripwire Enterprise:

  • File Access: Identifies files which have been opened, searched for, or executed, including trusted Microsoft Office locations which may be abused by an attacker.
  • Network Artifacts: Identifies active network connections. These help in identifying whether malware is communicating with command and control servers, and in checking for active lateral movement from the endpoint.
  • Process Execution: Provides evidence of processes which have been executed on an endpoint. Tripwire Enterprise can show both actively running executables and executables which have evidence of having been run in the past.
  • USB Usage: Provides a list of actively installed USB drives, drives which have been installed in the past, and any mount points which may be set up on the endpoint. 
  • User Activity: Identifies actions the user has taken on the endpoint and what a user was searching for to help determine a malicious actor’s goal.

Digital forensic capabilities are now available. For more information or for updates on new releases, please contact Tripwire at:

About Tripwire

Tripwire is a leading provider of security, compliance and IT operations solutions for enterprises, industrial organizations, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics. Learn more at, get security news, trends and insights at or follow us on Twitter @TripwireInc.

Press Contacts

Ray Lapena
PR Manager