Skip to main content

Import Overview

The Cado platform provides multiple ways to bring evidence into an Investigation—from cloud services and Kubernetes to endpoint triage and third‑party images—and will automatically process it according to your Processing Settings.

This section helps you choose the right import method for your use case, understand prerequisites, and jump straight to the how‑to guides.

Next steps

GoalPageDescription
Understand the import UI and flowImport dataOverview of import options and automatic processing behavior.
Import from any cloud accountImport from cloudChoose a Cloud Role, filter by provider, and import multiple resources.
Acquire AWS EC2/EBSAWS: EC2 & EBSFull volume or triage via SSM
Handle very large EC2 volumesAWS: Large EC2 importsTips for large disks.
Import from Amazon S3AWS: S3Upload/import disk images or archives from S3.
AWS containersAWS: ECSAcquire container artifacts/logs from ECS.
Import Azure VMsAzure: ComputeSelect subscription/resources and start imports for Azure VMs.
Import from Azure Blob StorageAzure: StorageUpload/import using Azure Console, SAS tokens, or Access Keys.
Azure KubernetesAKSGuided container import for AKS.
Import GCP instancesGCP: Compute EngineGuided import for Google Compute Engine VMs.
Import from GCP StorageGCP: Cloud StorageUpload via Console or OAuth 2.0 desktop tools.
Container acquisitions (generic)KubernetesControl‑plane acquisition, RBAC requirements, and sidecar/debug flows.
Google KubernetesGKEGuided container import for GKE.
Triage with Cado HostWhat is Cado HostOverview of endpoint triage collections and upload targets.
Deploy Cado HostDeploy Cado HostLaunch from the UI or run standalone.
See collected itemsCollected artifactsDefault artifacts by OS and customization options.
Import other tool outputsThird‑party disk images & triageWork with traditional forensic capture tools.
Automate after alertsAutomating collection from detectionsDefender/CrowdStrike/GuardDuty/Wiz flows and response actions.
Integrate programmaticallyAPI overviewUse the Cado API and webhooks/SOAR for imports and more.
Manage InvestigationsManaging investigationsCreate/update, view processing pipeline, and housekeeping.
Verify provenanceChain of custodyWhere to find evidence metadata and audit logs.