Digital Forensics and Incident Response

OpenText Endpoint Investigator

Investigate cybercrimes, data breaches, and fraud with forensic tools

Internal investigation and digital forensics tool

Increasing cyber threats, rising compliance demands, and resource limitations are driving the need for corporate internal investigations. These investigations require speed, scale, defensibility, and deep visibility into digital evidence.

OpenText™ Endpoint Investigator is a powerful digital forensics tool for corporate forensic investigations, enabling remote, discreet data collection across endpoints. Designed for enterprise digital forensics, it supports digital forensics and incident response with scalable, agentless acquisition. This makes it ideal for DFIR solutions for enterprises that need fast, accurate, and forensically sound results.

Why OpenText Endpoint Investigator?

OpenText Endpoint Investigator is enterprise digital forensic investigation technology that integrates into your security framework. It delivers the speed, precision and visibility needed to resolve cases efficiently and maintain business continuity.

Any content
can be collected as digital forensic evidence—anywhere, anytime, any size
Simply specify the data you need from each endpoint and the appropriate enterprise digital forensic collection methodology automatically deploys.
Efficiency
is improved by finding artifacts faster
Easily identify relevant digital forensic artifacts such as pictures, chats, and browser histories using artifact-based cataloging and keyword search.
Visibility
into your endpoints is improved
Power your digital forensics investigative team with a web-based intuitive interface, larger volume collections, and automatic endpoint checks.

With OpenText Endpoint Investigator, I’m able to take care of 80 percent of my workload in 48 hours.

Deputy Director IRM Office and ISSO
US Federal Agency

Use cases

OpenText Endpoint Investigator supports investigations such as insider threats, breach response, and audits. It delivers enterprise digital forensics capabilities, enabling fast, remote evidence collection for forensics and incident response.

Conduct enterprise digital forensic investigations into cyberattacks—such as malware infections, ransomware, or data breaches—while quickly containing the threat and preserving evidence for legal or regulatory purposes.
Detect and investigate suspicious activities or malicious actions by employees or contractors. Discover identify data theft, intellectual property theft, fraud, violations of company policies, and more.
Ensure adherence to industry regulations like GDPR, HIPAA, PCI-DSS, and SOX by collecting, preserving, and analyzing digital forensic evidence to demonstrate compliance or to respond to audits and investigations.
Identify and mitigate threats quickly, even in an environment where trust is never assumed. Provide visibility into user and device behavior and ensure that all evidence is securely captured and preserved for post-incident analysis.

Key features

Quickly, securely, and confidently conduct enterprise digital forensic and incident response operations.

Enhanced web-based interface

Transitions easily between preview, collection, and response functions while streamlining collaborative digital forensic investigations.

Automated large-scale collections

Scales to over 1,000,000 endpoints and automatically identifies and deploys the appropriate collection method based on the specified data required from each endpoint.

Single enhanced universal agent

Offers uniform capabilities across Windows and macOS for simplified deployment and faster data collection as part of your digital forensic and incident response operations.

Collection APIs

Automates digital forensic evidence collection with API-driven snapshots, file collections, memory capture, and timeline generation, reducing manual effort and enhancing DFIR staff efficiency.

Integrated threat intelligence

Leverages industry-leading OpenText™ Threat Intelligence, which supports digital forensic and incident response teams by prioritizing known malicious items for immediate action.

Artifact-based workflows

Improves digital forensic investigative efficiency by quickly identifying relevant forensic artifacts as well as offering alongside deep-dive forensic capabilities.

Automated agent deployment

Ensures a frictionless approach to data collection with agents that are automatically pushed out, delivering endpoint check-ins every five minutes.

Enterprise endpoint dashboard

Provides a comprehensive view of enterprise endpoints, offering visibility into agent deployment status and communication readiness.

Accelerate the value of OpenText Endpoint Investigator

Add-Ons

Extend your enterprise investigations with additional digital forensic and incident response capabilities.

Capture, collect, and analyze critical mobile device evidence faster

OpenText™ Mobile Investigator

Identify, collect, and preserve electronically stored information (ESI) at scale

OpenText™ Information Assurance

Professional Services

OpenText Professional Services combines end-to-end solution implementation with comprehensive technology services to help improve systems.

Get a trusted partner to guide your information management path

Your journey to success
Accelerate your information management journey

Consulting Services

Propel your business into the future with modern solutions

NextGen Services
Unlock the full potential of your information management solution

Customer Success Services

Partners

OpenText helps customers find the right solution, the right support, and the right outcome.

Search OpenText's Partner directory

Find a Partner
Explore OpenText's Partner solutions catalog

Application Marketplace

Industry-leading organizations that enhance OpenText products and solutions

Strategic Partners

Training

OpenText Endpoint Investigator is deployed as an off-cloud, on-premises software, managed either by your organization or by OpenText

Learn how to use OpenText software within your organization to analyze digital media and provide detailed documentation about your findings

Training for enterprise forensic analysts and examiners
Unlimited access to training with personalized tiers to fit your needs

Learning Subscriptions

Meet the demands of all types of users for effective adoption

Learning Services

Communities

Explore our OpenText communities. Connect with individuals and companies to get insight and support. Get involved in the discussion.

Explore ideas, join discussions, and network

OpenText’s forums

Premium Support

Optimize the value of your OpenText solution with dedicated experts who provide mission-critical support for your complex IT environment.

Get personalized, one-on-one assistance from technical and strategic experts

Premium Support

OpenText Endpoint Investigator resources

US firm finds the facts hidden in data with forensic investigation technology

Learn more

Nonprofit healthcare provider accelerates eDiscovery processes and data security

Learn more

City transforms digital forensics for efficiency, productivity, and time savings

Learn more

See more success stories

It uses agentless or lightweight agent-based technology to access live or offline endpoints and collect files, memory, registry entries, browser history, and more without alerting the user.
Yes, it enables stealth investigations with minimal impact on the target device, ensuring that normal user activities are not interrupted.
It can collect a wide range of forensic artifacts, including file metadata, deleted files, emails, internet history, registry keys, memory snapshots, and running processes.
Unlike other tools, OpenText Endpoint Investigator offers scalable, remote access, faster data acquisition, broader endpoint visibility and both deep-dive and artifact-based workflows.
It is highly scalable and can be used across enterprises with >1,000,000 endpoints—on-site or globally distributed.
Yes. It provides visibility into user activity, file access, and behavior patterns critical for identifying insider threats.
OpenText Endpoint Investigator collects files, metadata, deleted files, memory dumps, browser history, registry data, running processes, user activity logs, and more.

Take the next step

Explore how OpenText Endpoint Investigator can elevate your forensic investigations. Schedule a demo or speak with an expert to see how you can gain deeper insights faster and with confidence.

Contact us

Aviator AIAviator AI

Analytics CloudAnalytics Cloud

Data Lakehouse & AnalyticsData Lakehouse & Analytics

BI, Visualization & ReportingBI, Visualization & Reporting

eDiscovery with AIeDiscovery with AI

OpenText™ Aviator Search

Business Network CloudBusiness Network Cloud

Supply Chain AutomationSupply Chain Automation

B2B IntegrationB2B Integration

Secure CollaborationSecure Collaboration

Supply Chain TraceabilitySupply Chain Traceability

Supply Chain InsightsSupply Chain Insights

Industry Applications and ServicesIndustry Applications and Services

OpenText™ Business Network Aviator

Content CloudContent Cloud

Document ManagementDocument Management

AI Content ManagementAI Content Management

Capture and Intelligent Document ProcessingCapture and Intelligent Document Processing

Process AutomationProcess Automation

Business IntegrationsBusiness Integrations

Information ArchivingInformation Archiving

Industry SolutionsIndustry Solutions

Information GovernanceInformation Governance

OpenText™ Content Aviator

Cybersecurity CloudCybersecurity Cloud

Application Security TestingApplication Security Testing

Data SecurityData Security

Security OperationsSecurity Operations

Identity and Access ManagementIdentity and Access Management

Digital Forensics and Incident ResponseDigital Forensics and Incident Response

OpenText™ Cybersecurity Aviator

DevOps CloudDevOps Cloud

DevOps PlatformDevOps Platform

Functional TestingFunctional Testing

PPM and Strategic Portfolio ManagementPPM and Strategic Portfolio Management

Quality ManagementQuality Management

Performance EngineeringPerformance Engineering

OpenText™ DevOps Aviator

Experience CloudExperience Cloud

Web & Mobile ExperiencesWeb & Mobile Experiences

Contact Center AnalyticsContact Center Analytics

Messaging & FaxMessaging & Fax

Customer CommunicationsCustomer Communications

Digital Asset ManagementDigital Asset Management

Customer Journey and DataCustomer Journey and Data

OpenText™ Experience Aviator

Observability and Service Management CloudObservability and Service Management Cloud

Service ManagementService Management

ObservabilityObservability

AIOpsAIOps

Automation and Vulnerability RemediationAutomation and Vulnerability Remediation

CMDB and Asset ManagementCMDB and Asset Management

OpenText™ Service Management Aviator

OpenText™ ThrustOpenText™ Thrust

OpenText™ Thrust bundleOpenText™ Thrust bundle

OpenText™ Aviator Thrust

Device and Data ProtectionDevice and Data Protection

Enterprise Data Backup and Disaster Recovery SolutionsEnterprise Data Backup and Disaster Recovery Solutions

Unified Endpoint Management ToolsUnified Endpoint Management Tools

Hybrid Work, Email, and Team Collaboration Hybrid Work, Email, and Team Collaboration

Email Archiving, E-Discovery, Data Archiving ComplianceEmail Archiving, E-Discovery, Data Archiving Compliance

Connectivity and Document ManagementConnectivity and Document Management

Information reimaginedInformation reimagined

Artificial IntelligenceArtificial Intelligence

IndustryIndustry

Enterprise ApplicationsEnterprise Applications

Your journey to successYour journey to success

Customer SupportCustomer Support

Customer Success ServicesCustomer Success Services

Consulting ServicesConsulting Services

NextGen ServicesNextGen Services

Cloud MigrationCloud Migration

Latest product releasesLatest product releases

Learning ServicesLearning Services

Managed ServicesManaged Services

Find an OpenText PartnerFind an OpenText Partner

Find a Partner SolutionFind a Partner Solution

Grow as a PartnerGrow as a Partner

Become a Partner

Asset LibraryAsset Library

Aviator AI

Analytics Cloud

Data Lakehouse & Analytics

BI, Visualization & Reporting

eDiscovery with AI

Business Network Cloud

Supply Chain Automation

B2B Integration

Secure Collaboration

Supply Chain Traceability

Supply Chain Insights

Industry Applications and Services

Content Cloud

Document Management

AI Content Management

Capture and Intelligent Document Processing

Process Automation

Business Integrations

Information Archiving

Industry Solutions

Information Governance

Cybersecurity Cloud

Application Security Testing

Data Security

Security Operations

Identity and Access Management

Digital Forensics and Incident Response

DevOps Cloud

DevOps Platform

Functional Testing

PPM and Strategic Portfolio Management

Quality Management

Performance Engineering

Experience Cloud

Web & Mobile Experiences

Contact Center Analytics

Messaging & Fax

Customer Communications

Digital Asset Management

Customer Journey and Data

Observability and Service Management Cloud

Service Management

Observability

AIOps

Automation and Vulnerability Remediation

CMDB and Asset Management

OpenText™ Thrust

OpenText™ Thrust bundle

Device and Data Protection

Enterprise Data Backup and Disaster Recovery Solutions

Unified Endpoint Management Tools

Hybrid Work, Email, and Team Collaboration

Email Archiving, E-Discovery, Data Archiving Compliance

Connectivity and Document Management

Information reimagined

Artificial Intelligence

Industry

Enterprise Applications

Your journey to success

Customer Support

Customer Success Services

Consulting Services

NextGen Services

Cloud Migration

Latest product releases

Learning Services

Managed Services

Find an OpenText Partner

Find a Partner Solution

Grow as a Partner

Asset Library

Blogs

Events

Communities

Customer Stories

OpenText Navigator

Marketplace