Triage Computers to Reduce Forensic Backlogs and Lower Costs
Forensic backlogs are a major problem today, and many forensic labs have drastically reduced backlogs by as much as 90% by implementing proven triage processes.
Real-world forensic experience shows that 40% to 50% of all full forensic examinations return negative results. Full examinations can take weeks, whereas triage scans can take only hours to detect the same negative findings, thereby saving significant expense and time.
[wpspoiler name=”Click to Learn More About ADF Triage-Examiner” ]
Extreme ease of use
Triage-Examiner from ADF Solutions is deployed on a Triage key (a 32GB USB flash drive or USB hard drive) and does not require expensive computers or hardware components. Using predefined search profiles, the setup process can be done in two easy steps. The tool is completely automated and runs directly on the suspect computer with minimal user interaction. Triage-Examiner can also utilize the suspect computer to view the results in real time. Click the image below to view software screenshots.
Find critical evidence in minutes
ADF tools search the entire suspect drive in four categories and integrate unique technologies, including ActivitySensorTM that allow users to target high value files as quickly as possible. This technology is critical in scenarios where you have limited time to scan a computer.
View evidence immediately
When inserted into the suspect computer, Triage-Examiner automatically collects critical information and identifies valuable evidence. The collected data can be viewed immediately on the suspect computer or examined later for further analysis. Click the image below to view software screenshots.
Powerful search capabilities
SearchPaks® use a patented process to capture and deploy powerful search or forensic intelligence. They can be easily configured by users to identify critical evidence, including search terms, hash values, image analysis, and regular expressions. The search can be narrowed on file properties including dates, file size, etc. Triage-Examiner also collects extensive system captures, including Internet search and browsing histories, browser map search history, USB device history, and most-used applications. Click the image below to view software screenshots.
Comprehensive reporting capabilities
Customized HTML or CSV reports can easily be created for distribution. Click image below to view sample HTML report.
Single device to triage computers using Windows, Macintosh, and Linux platforms
When out in the field, it is critical that examiners have a simple, single tool that can extract intelligence from multiple devices and systems. Triage-Examiner was designed with this in mind and supports multiple operating platforms including Windows, Macintosh, and Linux.
Scan multiple computers simultaneously with a single license to lower investigation costs
Triage-Examiner is designed to scan computers with a single USB-based ADF license dongle and a separate generic (non-ADF) USB collection device. As a result, users can set up unlimited generic USB collection devices and leverage a single ADF license dongle to start simultaneous scans on multiple computers. Click the image below to enlarge.
Live analysis of computers running Windows to capture volatile evidence
When examiners cannot risk losing valuable information by turning off a suspect computer, they need to be able to capture the evidence from a running or live device. Triage-Examiner allows live analysis of computers running Windows that cannot be shut down, which minimizes the risk of losing valuable intelligence by capturing all volatile data, including memory from all 32-bit and 64-bit windows operating systems.
Fully configurable collection of artifacts
Triage-Examiner includes configurable file header definitions for file collection and unallocated space file carving. These key features give forensic examiners the highest confidence in the triage results. Click the image below to view software screenshots.
Reuse and share forensic intelligence
SearchPaks® are encrypted and the permissions restricted to make it easy to disseminate to other examiners inside or outside the organization. The forensic triage community is actively sharing powerful SearchPaks, including those for indecent image detection, indecent keyword detection, registry collection, anti-forensic application detection, and encryption application detection.
Advanced image analysis to quickly identify illegal images
Triage-Examiner includes advanced image-matching technology that bypasses the traditional hash value limitations for identifying altered and similar images, including those that have been deleted or found in Thumbs.db files. This technology has helped identify conclusive evidence without deploying time-consuming forensic resources. Click the image below to enlarge.
Forensically sound to ensure the chain of custody
When investigating sensitive cases, such as those of child exploitation, it is vital that all necessary evidence is viable in order to prosecute the offender. Forensic triage provides a forensically sound strategy to get quick results while maintaining the integrity of the case and preserving all the collected files, including log records.
The Triage-Examiner Kit includes:
- One portable travel case
- One licensed authentication key
- One 32GB high-speed USB key
- One bootable CD
- One USB extension cable
- One teasing needle
- One portable flashlight