Triage Articles

DFI News: Parameters for Selecting a Triage Tool

Several months ago, the United States Special Operations Command (USSOCOM—which is charged with overseeing the various Special Operations Commands of the U.S. Armed Forces) conducted an evaluation of computer media exploitation and cellular telephone exploitation products, systems, and tools. The evaluation was organized by the USSOCOM Program Office. Triage tools were included as a separate category along with other computer media exploitation tools. An important part of the evaluation was to include representation from each of the respective military services to ensure that the triage tools were evaluated with respect to any service-unique requirements. Overall, the objective of the evaluation was to determine which triage tool could best meet the military’s requirements for procurement and world-wide dissemination. Selection of specific triage tools for evaluation was based upon previous procurements by both the USSOCOM Program Office and individual military operational units.

The following article covers how USSOCOM tested and selected a triage tool that best fit the military's needs and requirements. The article was posted on DFI News by John Barbara from Digital Forensics Consulting, LLC.

Read article here: http://www.dfinews.com/article/parameters-selecting-triage-tool

 

DFI News: Triage a Computer - June 09, 2010

The following is an excellent article posted on DFI News by John Barbara from Digital Forensics Consulting, LLC.


 

CEIC 2010 Presentation: Forensic Triage Programs, Risk Assessment Factors

ADF Solutions recently did a presentation at CEIC 2010 titled "Forensic Triage Programs, Risk Assessment Factors". The audience was primarily forensic examiners (not surprisingly) and after the presentation we were flooded with questions and comments on implementing forensic triage programs. The key messaging that appealed to most of the attendees was:
  1. Forensic Triage should not be considered a replacement for full forensic examinations
  2. Forensic Triage focuses valuable forensic resources on computers that are likely candidates for full forensic examinations
  3. Removing computers from backlogs prior to full forensic examination is a smart way to reduce forensic backlogs
  4. If negative computers can be identified with forensic triage with high confidence levels and a fraction of the time it takes compared with full forensic examinations, then it is an approach to be seriously considered
  5. The statistics and success stories outlined in the presentation were much appreciated

Here is a sanitized copy of our presentation.

 

Controversy over recently announced forensic triage initiatives in the UK

Recent articles in the UK have announced an intent by UK law enforcement agencies to equip investigators and possibly first responders with triage tools to help reduce the ever-growing forensic backlog. Here are two articles:

Police sitting on forensic backlog risk, says top e-cop

Police in talks over pocket PC-crime detection tool

Activity in recent blogs shows that the forensic community appears divided over this issue. Many forensic examiners feel forensic triage is a good solution to reduce backlogs (if implemented correctly), while others feel this is a complete waste of time. Before people make any quick judgments on topics like these, it is important to keep a few things in perspective. As the CEO of ADF Solutions Inc., the leading forensic triage company, I would like to offer the following perspective:

Read more...

 

ACPO Managers Guide -- Good Practice and Advice Guide for Managers of e-Crime Investigations

This is an interesting report in the UK (July 2009) from the Association of Chiefs of Police (ACPO), which produces guidelines and recommendations for law enforcement agencies.

The relevant material on forensic triage is in Section 5 (page 66) - "Forensic matters."

 

Forensic Triage Trends at U.S. Department of Justice and the FBI

This paper has a lot of interesting stuff but the key excerpt is on Page 2:
"The FBI Digital Evidence Section (DES), is working within and without the Deputy Attorney General's Computer Forensic Working Group (CFWG) to "continue to develop strategies for DES to reduce the backlog of digital evidence related to crimes against children cases requiring forensic analysis.
The FBI strategy is fourfold:

Read more...

 

Police in talks over pocket PC-crime detection tool

Interesting article on ZDNet UK (June 2009) on the UK Police deploying a triage tool to detect evidence of illegal activity on PCs.
 

Police sitting on forensic backlog risk, says top e-cop

Interesting article in The Register (UK) on the UK Police's need to equip investigators and first responders with triage tools.


 

Positive Predictive Value and Digital Forensics

Interesting article on forensic triage by Sean McLinden on Forensic Focus.

 

Triage Incident Response: Triage of Agent.BTZ

Interesting article by "HogFly".