Digital Forensic Triage

Prioritizing Forensic Evidence

Digital forensics is often like solving a puzzle. You are presented with mountains of information and must figure out how to quickly and cost-efficiently separate the important from the unimportant.

The traditional forensic workflow - collect/image, index/analyze, report - can be too slow or cumbersome for some applications.

Immigration & Customs

Each organization will have its own standards for identifying specific travelers for enhanced screening and inspection. more...

Each organization will have its own standards for identifying specific travelers for enhanced screening and inspection. That may still leave dozens of travelers - each with their own assortment of digital data - to be examined each day. Digital forensic triage tools give agents the ability to take a "quick look" at mobile phones, computers and portable digital storage devices to identify those travelers who may be trafficking in digital contraband or terrorism-related data.

Probation / Parole

Parole officers deal with many cases each day, both in the office and in the field. more...

Parole officers deal with many cases each day, both in the office and in the field. Most parolees are going to have at least a mobile phone - and perhaps multiple devices - and the parole officer needs to figure out quickly if the parolee is engaging in prohibited or illegal activities. Triage tools allow departments to set up automated "profiles" that direct the triage tool to look for specific kinds of files & activity on the parolee's devices.

Child Exploitation / Human Trafficking

Child exploitation and human trafficking cases are often extremely time-sensitive. more...

Child exploitation and human trafficking cases are often extremely time-sensitive. This urgency often means there isn't enough time for investigators to spend hours imaging and then more hours analyzing evidence. Triage tools can give investigators a quick idea about what is happening so officers can be deployed quickly in an effort to recover victims. Traditional forensic tools will often be used as a follow-up when building a full case against perpetrators.

Military and Intelligence Services

In field military and intelligence operations time and secrecy are often of paramount importance. more...

In field military and intelligence operations time and secrecy are often of paramount importance. Forward-deployed military teams frequently find and must exploit digital evidence under intense pressure. Intelligence agencies engage in covert operations demanding speed and stealth. Triage tools help the teams in these kinds of situations to sift through devices and data quickly, minimizing exposure and detection.

Victims and Witnesses

Critical evidence is often found on devices belonging to victims and witnesses. more...

Critical evidence is often found on devices belonging to victims and witnesses. While it may be appropriate to "seize everything" from an alleged perpetrator, the same isn't true for victims and witnesses. Triage tools help investigators to scan victims' and witnesses' devices for relevant evidence while minimizing privacy and legal collection issues.

Automation

Triage "profiles" benefit many of these investigative situations by allowing departments to automate given triage searches. For example, some triage tools use a "green/yellow/red" scoring system, where green indicates "all clear" and yellow/red indicates the detection of evidence warranting a deeper look. This kind of automation allows agents to perform effective triage examinations whether or not they have received in-depth forensic training. In turn, this allows departments to deploy their most expensive resource, their people, most effectively, using trained investigators and forensic examiners only where they will be most valuable.

Software for Digital Forensic Triage

Belkasoft Evidence Center

Belkasoft

Comprehensive Examination
Buy now

MD-Live ● MD-Next ● MD-Red

HancomGMD

Mobile Forensis
Buy now

Unified Digital Forensics Platform

Detego

Extract. Exploit. Examine.
Buy now

ADF Solutions

Mobile & Computer Forensics
Buy now

OSForensics

PassMark Software

Digital investigations for a new era
Buy now

Triage Requires Multiple Tools

Think about the array of digital devices on your desk or in your backpack/briefcase.

Mobile Phones

Everyone has a mobile phone, and many people have two or three. more...

Everyone has a mobile phone, and many people have two or three. For many the smartphone is the center of their digital world with a dizzying array of contacts, chat sessions, emails, pictures and other applications. And there are literally thousands of models of mobile phones in circulation. From a triage point of view this means you need at least three things: 1) a way physically to connect to the mobile device, 2) a way to unlock the device, and 3) tools to view data on the device to determine if there is anything of relevance. An effective triage "toolbox" will incorporate all three.

Laptop and Desktop Computers

While laptops and computers are a traditional stronghold of digital forensics tools, they still benefit from the speed offered by triage tools. more...

While laptops and computers are a traditional stronghold of digital forensics tools, they still benefit from the speed offered by triage tools. Triage tool vendors often package their software on "USB sticks" that can be plugged directly into the computer under investigation. The software on these USB sticks then searches the subject system for files of interest (often determined by pre-set search "profiles") and gives the operator a quick answer about whether or not a deeper investigation is warranted.

Portable Storage Devices

People often carry USB thumb drives, memory cards, external HDDs and SSDs. more...

People often carry USB thumb drives, memory cards, external HDDs and SSDs. Sometimes these are plugged into mobile phones, cameras, video records and computers and sometimes they are separate. The variety of these devices and the variability of the data they contain present their own sets of challenges. A triage "toolbox" will often include devices like write blockers or specialized memory card readers to connect to these devices. The triage software can examine the contents of these devices - again using pre-set "profiles" - and notify the operator when data of specific interest is detected.

Jumpstart the Software Learning Curve with Digital Intelligence Training

Acquiring tools is step one. Using them effectively while sifting through complex regulatory challenges often requires a step learning curve. Let Digital Intelligence help. We offer technology, product, and process training to build the skills need to work efficiently in a changing digital landscape.

We define and conduct training based on your experience, knowledge level, and professional goals. At our training location or yours. learn more

Enhance Your In-House Capabilities with Digital Intelligence Forensic Services

Looking for an alternative to the traditional "buy, learn, and use" model of software ownership? Digital Intelligence Forensic Services offers price competitive options. Our skilled, certified, and in-house services staff have decades of digital forensic and eDiscovery case work experience. Contact us to learn more about our capabilities, creative service options, and collaborative approach to working for you. learn more

Technical Support You Can Count On

When you purchase from Digital Intelligence, you’re getting the best forensic products money can buy. But the value doesn’t stop there. You get lifetime technical support and access to a professional, dedicated support team. We measure our success not just by the number of systems we sell but also by the level of support we provide. Whether it’s a question about your FRED, UltraBlock, Imager or software – or a question about a forensic problem you face – we have your back. Call, email, or text. We are here for you.

Ready to buy? Shop in our online store!

Buy now