Triage Computers to Reduce Forensic Backlogs and Lower Costs
Forensic backlogs are a major problem today, and many forensic labs have drastically reduced backlogs by as much as 90% by implementing proven triage processes.
Real-world forensic experience shows that 40% to 50% of all full forensic examinations return negative results. Full examinations can take weeks, whereas triage scans can take only hours to detect the same negative findings, thereby saving significant expense and time.
Triage-Examiner from ADF Solutions is deployed on a Triage key (a 32GB USB flash drive or USB hard drive) and does not require expensive computers or hardware components. Using predefined search profiles, the setup process can be done in two easy steps. The tool is completely automated and runs directly on the suspect computer with minimal user interaction. Triage-Examiner can also utilize the suspect computer to view the results in real time. Click the image below to view software screenshots.
ADF forensic tools search the entire suspect drive in four categories and integrate unique technologies, including ActivitySensorTM that allow users to target high value files as quickly as possible. This technology is critical in scenarios where you have limited time to scan a computer.
When inserted into the suspect computer, Triage-Examiner automatically collects critical information and identifies valuable evidence. The collected data can be viewed immediately on the suspect computer or examined later for further analysis. Click the image below to view software screenshots.
SearchPaks® use a patented process to capture and deploy powerful search or forensic intelligence. They can be easily configured by users to identify critical digital evidence, including search terms, hash values, image analysis, and regular expressions. The search can be narrowed on file properties including dates, file size, etc. Triage-Examiner also collects extensive system captures, including Internet search and browsing histories, browser map search history, USB device history, and most-used applications. Click the image below to view software screenshots.
Customized HTML or CSV reports can easily be created for distribution. Click image below to view sample HTML report.
When out in the field, it is critical that examiners have a simple, single tool that can extract intelligence from multiple devices and systems. Triage-Examiner was designed with this in mind and supports multiple operating platforms including Windows, Macintosh, and Linux.
Triage-Examiner is designed to scan computers with a single USB-based ADF license dongle and a separate generic (non-ADF) USB collection device. As a result, users can set up unlimited generic USB collection devices and leverage a single ADF license dongle to start simultaneous scans on multiple computers. Click the image below to enlarge.
When examiners cannot risk losing valuable information by turning off a suspect computer, they need to be able to capture digital evidence from a running or live device. Triage-Examiner allows live analysis of computers running Windows that cannot be shut down, which minimizes the risk of losing valuable intelligence by capturing all volatile data, including memory from all 32-bit and 64-bit windows operating systems.
Triage-Examiner includes configurable file header definitions for file collection and unallocated space file carving. These key features give forensic examiners the highest confidence in the triage results. Click the image below to view software screenshots.
SearchPaks® are encrypted and the permissions restricted to make it easy to disseminate to other examiners inside or outside the organization. The forensic triage community is actively sharing powerful SearchPaks, including those for indecent image detection, indecent keyword detection, registry collection, anti-forensic application detection, and encryption application detection.
Triage-Examiner includes advanced image-matching technology that bypasses the traditional hash value limitations for identifying altered and similar images, including those that have been deleted or found in Thumbs.db files. This technology has helped identify conclusive evidence without deploying time-consuming forensic resources. Click the image below to enlarge.
When investigating sensitive cases, such as those of child exploitation, it is vital that all necessary evidence is viable in order to prosecute the offender. Digital triage provides a forensically sound strategy to get quick results while maintaining the integrity of the case and preserving all the collected files, including log records.
Digital First Responder training program
In order to best prepare our customers to use our products, we have developed a two-day user training program for forensic and non-forensic users. We also offer a “Train the Trainer” program.
The Triage-Examiner Kit includes:
- One portable travel case
- One licensed authentication key
- One 32GB high-speed USB key
- One bootable CD
- One USB extension cable
- One teasing needle
- One portable flashlight
ADF tools have been selected and deployed by agencies worldwide. Click here for customer testimonials.