The Cado platform leverages the power of the cloud to deliver a smarter and faster way to investigate and respond to cyber threats. Cado provides broad support across multi-cloud, container and serverless environments, eliminating blind spots that have previously made forensics and incident response challenging or impossible.

Amazon smile logo

Amazon Web Services (AWS)

Cado empowers security experts to understand the impact of incidents in AWS, the most widely-adopted cloud platform. The Cado platform enables investigations of EC2 instances, cloud logs including Guard Duty, CloudTrail and AWS SSM, and Amazon’s managed Kubernetes service (AmazonEKS). Cado also supports processing numerous files systems including Amazon’s Linux XFS.

Azure logo


Cado delivers the visibility that’s required to identify and eliminate risk across Azure environments, regardless of its size and complexity. The Cado platform enables investigations of virtual machines and disks from Azure compute. Cado supports numerous file formats including Azure’s native VHD and VHDX.


Virtualization technology has come a long way and has been great for enterprises across the board. However, the dynamic and ephemeral nature of these resources can make it nearly impossible to investigate a potential compromise. The Cado platform enables security teams to automate the acquisition of forensically-sound data of containers to ensure critical information is not lost. Cado also parses logs from Docker and Kubernetes to ensure security teams can quickly identify and investigate compromises in containerized environments.


The Cado platform delivers extended visibility of AWS ECS Fargate and Lambda. Cado enables security teams to capture, process, and analyze critical evidence including key files and folders from AWS Fargate – a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes (EKS). The platform also empowers security teams to investigate the execution of AWS Lambda serverless functions alongside other valuable data sources in a single timeline to deliver enhanced context to incident investigations.

Cross Cloud

As enterprises continue to embrace multi-cloud strategies to adhere to evolving regulations, manage risk, and enhance resiliency, seamless cross-cloud visibility is key. Cado’s cross-cloud support delivers unprecedented visibility and context across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) environments. The Cado platform unifies data captured across multiple cloud platforms in a single timeline so that security teams can seamlessly dive into important data, identify incident root cause and respond efficiently.

Green laptop

On Premises

Cado also supports investigations of data captured from on-premises environments. By uploading on-premises data to an Amazon S3 bucket or Azure blob and importing it into the Cado platform, security teams can take advantage of Cado’s scalable architecture and processing engine, while benefiting from added context when analyzed alongside other valuable data sources.

Get a Demo

Request your demo today to see how Cado enables forensics and incident response in the cloud.