# Triage Summary

| Field | Value |
|---|---|
| Case ID | `{{case_id}}` |
| Target | `{{target}}` |
| Triage Start | `{{triage_start}}` |
| Triage End | `{{triage_end}}` |
| Collector | `{{collector}}` |
| Volatility Order Followed | yes/no |

## Immediate Findings

| Finding | Evidence | Severity | Action |
|---|---|---|---|
| `{{finding_1}}` | `{{evidence_1}}` | `{{severity_1}}` | `{{action_1}}` |

## Volatile Data Captured

- [ ] System time
- [ ] Network connections
- [ ] Process list
- [ ] Logged-in users
- [ ] Open files
- [ ] Routing / ARP / DNS cache

## Red Flags

- [ ] Evidence tampering suspected
- [ ] Privilege escalation observed
- [ ] Active exfiltration suspected
- [ ] Rootkit or persistence suspected
- [ ] Cloud credential abuse suspected

## Next Step

`{{next_step}}`
