INCI

INCI

Administrators should avoid logging into systems showing abnormal or suspicious behavior, as this may compromise their credentials. Instead, use INCI — a discreet tool for acquiring live system data and volatile memory (RAM) in a standardized way, without the need for administrator privileges. INCI can be launched via a desktop shortcut or a keyboard command by a standard user.

INCI empowers incident response and IT support teams to act quickly and, with a single message, instruct the user to:

  • Initiate the acquisition of critical system information.
  • Preserve live analysis opportunities by capturing in-memory artifacts instead of just rebooting or shutting down.
  • Stop an attack by isolating the computer from all connected networks.

    • Key Features:

    • Easy-friendly Acquisition of live data (RAM) together with important log data
    • Forensically Sound - Preserves chain-of-custody and ensures data integrity
    • Field-Proven Efficiency during several incidents
    • Fast & Lightweight

    Price: €59.00 / month (Business license)

    A license may be installed on any number of computers within the organization. Only one license is required per corporate registration number; however, a subsidiary must obtain its own license.

More about the software

A majority of today's cyber attacks leave no digital traces on a computer's hard drive. They are called file-less attacks. But, the malicious code still hides and executes from the internal memory (RAM). Therefore, an incident investigator that only focuses on analysis of hard drives and log files will miss important information.

When a computer intrusion is suspected, immediate action is critical. To preserve the most accurate investigation data, it's essential to preserve the current state and capture volatile information before it is lost. Rapid containment of an ongoing attack is equally important. INCI enables swift, effective response in both cases.

FAQ

INCI is a Windows background service that automates the acquisition of live data and internal memory (RAM) without requiring an administrator to initiate the process. It helps capture volatile data and stop ongoing cyberattacks in real time.

When a security incident is suspected, time is critical. INCI provides a standardized and reliable process to quickly secure evidence and contain threats — even before IT experts are available. It empowers regular users to initiate forensic data collection and isolate affected systems, reducing the risk of malware spreading to other computers or servers. Standardization not only enables faster action during the incident but also ensures better-quality evidence for the subsequent analysis — helping identify how and why the attack succeeded.

Whether dealing with file-less attacks that leave no traces on disk or needing to act while administrators are overloaded, INCI ensures that your response is fast, structured, and effective.

INCI runs on both client and server computers using Windows 10/11. It does not require local administrator rights to launch (via a desktop icon or a configurable keyboard shortcut). There are no specific hardware requirements, as it has minimal impact on system performance. Installation must be performed from an account with administrative privileges.

No, INCI is developed specifically for Windows systems. There is no version available for Mac or Linux.

Media