Import Overview
The Cado platform provides multiple ways to bring evidence into an Investigation—from cloud services and Kubernetes to endpoint triage and third‑party images—and will automatically process it according to your Processing Settings.
This section helps you choose the right import method for your use case, understand prerequisites, and jump straight to the how‑to guides.
Next steps
| Goal | Page | Description |
|---|---|---|
| Understand the import UI and flow | Import data | Overview of import options and automatic processing behavior. |
| Import from any cloud account | Import from cloud | Choose a Cloud Role, filter by provider, and import multiple resources. |
| Acquire AWS EC2/EBS | AWS: EC2 & EBS | Full volume or triage via SSM |
| Handle very large EC2 volumes | AWS: Large EC2 imports | Tips for large disks. |
| Import from Amazon S3 | AWS: S3 | Upload/import disk images or archives from S3. |
| AWS containers | AWS: ECS | Acquire container artifacts/logs from ECS. |
| Import Azure VMs | Azure: Compute | Select subscription/resources and start imports for Azure VMs. |
| Import from Azure Blob Storage | Azure: Storage | Upload/import using Azure Console, SAS tokens, or Access Keys. |
| Azure Kubernetes | AKS | Guided container import for AKS. |
| Import GCP instances | GCP: Compute Engine | Guided import for Google Compute Engine VMs. |
| Import from GCP Storage | GCP: Cloud Storage | Upload via Console or OAuth 2.0 desktop tools. |
| Container acquisitions (generic) | Kubernetes | Control‑plane acquisition, RBAC requirements, and sidecar/debug flows. |
| Google Kubernetes | GKE | Guided container import for GKE. |
| Triage with Cado Host | What is Cado Host | Overview of endpoint triage collections and upload targets. |
| Deploy Cado Host | Deploy Cado Host | Launch from the UI or run standalone. |
| See collected items | Collected artifacts | Default artifacts by OS and customization options. |
| Import other tool outputs | Third‑party disk images & triage | Work with traditional forensic capture tools. |
| Automate after alerts | Automating collection from detections | Defender/CrowdStrike/GuardDuty/Wiz flows and response actions. |
| Integrate programmatically | API overview | Use the Cado API and webhooks/SOAR for imports and more. |
| Manage Investigations | Managing investigations | Create/update, view processing pipeline, and housekeeping. |
| Verify provenance | Chain of custody | Where to find evidence metadata and audit logs. |