Skip to main content

Key Concepts

Below we describe some of the key concepts in the Cado platform.


An evidence item is a source of data. It may be a single file, or a folder or archive containing many files.


A project is a grouping of different evidence items, and also holds information such as notes users have made.


Cado parses events from evidence items. These events may have times associated with them. They may also be tagged as Alarm, which indicates a high likelihood of malicious activity, or Suspicious, which indicates a lower likelihood of malicious activity.