Quickly and easily conduct in-depth security forensics investigations

What's behind a cyber attack?


IBM® QRadar® Incident Forensics allows you to retrace the step-by-step actions of a potential attacker, and quickly and easily conduct an in-depth forensics investigation of suspected malicious network security incidents. It reduces the time it takes security teams to investigate QRadar offense records, in many cases from days to hours—or even minutes. It can also help you remediate a network security breach and prevent it from happening again.

IBM QRadar Incident Forensics offers an optional IBM QRadar Packet Capture appliance to store and manage data used by IBM QRadar Incident Forensics if no other network packet capture (PCAP) device is deployed. Any number of these appliances can be installed as a tap on a network or sub-network to collect the raw packet data.

IBM QRadar Incident Forensics:

  • Retraces the step-by-step actions of cyber criminals
  • Reconstructs raw network data related to a security incident
  • Integrates with IBM QRadar Security Intelligence Platform


  • Security intelligence blog: Get more insight about IBM QRadar Incident Forensics

    See what security specialists are saying and join the conversation.
