diff --git a/images/timetriage.gif b/images/timetriage.gif new file mode 100644 index 0000000..2ff2fec Binary files /dev/null and b/images/timetriage.gif differ diff --git a/triage.md b/triage.md index 03d35e5..c54c82c 100644 --- a/triage.md +++ b/triage.md @@ -7,6 +7,8 @@ title: Triage Analysis # Section 4: Triage Analysis # +![alt text](https://securedorg.github.io/images/timetriage.gif "hourglass") + Depending on your workload, you want to spend the least amount of time trying to determine what the malware is doing and how to get rid of it. Many malware analysts use their own triage analysis, similar to that in the Emergency Room at the hospital. You will want to quickly narrow down specific information and indicators before moving on to deeper static and dynamic analysis.
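Review bot: the image line added at the top of the triage.md hunk keeps the placeholder `alt text` as its alt attribute, so screen readers and broken-image fallbacks get nothing meaningful. Something like `![hourglass]` or a short description of the animation would fit, since the title is already "hourglass". The same line references the image by absolute URL (`https://securedorg.github.io/images/timetriage.gif`) even though this commit adds `images/timetriage.gif` to the repository. A site-relative path would keep the page working in local previews and forks, and would not break if the site moves to another host.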