Download Free Trial

Triage Computers to Reduce  Forensic Backlogs and Lower Costs

Key Benefits

  • Find key evidence in minutes
  • Fully configurable collection of artifacts
  • Save time by not imaging computers
  • Run multiple scans simultaneously with a single license key
  • Export forensic triage results to other programs

Forensic labs have drastically reduced their backlogs by implementing a recognized triage process built around proven triage tools. In some cases backlogs have been reduced by as much as 90% over a period as short as six months.

Quickly Identify Negative Computers and Close Cases Faster

Real-world forensic experience shows that 40%-50% of all full forensic examinations turn out negative.  Full examinations can take weeks, whereas triage scans can take only hours to detect the same negative computers. Forensic examiners have confirmed that these negative computers can be identified much quicker through a triage process, thereby saving significant expense and time.


Triage-Examiner is easy to use and can be prepared and deployed in just minutes. The results can be viewed directly on the suspect computer.

Scan Multiple Computers Simultaneously with a Single License to Lower Investigation Costs

Triage-Examiner is designed to scan computers with a single USB-based ADF license dongle and a separate generic (non-ADF) USB collection device. As a result, users can set up unlimited generic USB collection devices and leverage a single ADF license dongle to start simultaneous scans on multiple computers.

Powerful Search Capabilities Find Evidence Fast

Powerful search intelligence can be easily configured by users to identify critical evidence, and this includes search terms, hash values, image analysis and regular expressions. The search can be narrowed on file properties including dates, file size, etc. Triage-Examiner also collects extensive system captures including Internet search and browsing history, browser map search history, USB device history, most-used applications, and more.

Custom Search Profiles provide flexible and highly customizable search criteria that can be specific to the case, reducing preparation time and ensuring quicker evidence retrieval. Triage-Examiner’s ability to find targeted digital evidence faster is enhanced by use of its powerful activity sensor technology to target recently used areas of a drive.

Fully Configurable Collection of Artifacts

Triage-Examiner includes configurable file header definitions for file collection and unallocated space file carving. These key features give forensic examiners the highest confidence in the triage results.

Comprehensive Reporting Capabilities

Detailed and comprehensive reports of this critical information can easily be created and shared wherever appropriate.

View a Report Sample

Forensically Sound to Ensure the Chain of Evidence

When investigating sensitive cases like child exploitation, it is vital that all necessary evidence is viable to prosecute the offender. Forensic triage provides a forensically sound strategy to get quick results while maintaining the integrity of the case and preserving all the collected files including log records.

Digital First Responder (DFR) Training Program

In order to best prepare our customers to use our products, we have developed a two-day user training program for forensic and non-forensic users. We also offer a “Train the Trainer” program.

Triage-Examiner Kit

The Triage-Examiner Kit includes:

  • 1 x Portable Travel Case
  • 1 x Licensed Authentication Key
  • 1 x 32GB High-Speed USB Key
  • 1 x Bootable CD
  • 1 x USB Extension Cable
  • 1 x Teasing Needle
  • 1 x Portable Flashlight

 

ADF Triage-Examiner – Lab Add-On  

The Lab Add-On allows Triage-Examiner users to run the Triage-Examiner software on their laptops or forensic workstations to scan drive images, physical drives, DVDs, CDs, and other removable media that are connected to the forensic workstation.

Triage in Action, Real-World Results

Triage-Examiner has been selected and deployed by law enforcement agencies worldwide. These agencies have seen immediate reduction of their forensic backlog, lowering their costs and improving the work environment for all personnel involved. We have several documented cases of Triage-Examiner reducing forensic backlogs.

Below are a few of many real world testimonials.

“We took possession of five computers from a suspect who had voluntarily submitted them for a forensic examination. The suspect had been unjustly accused of possession of child pornography but wanted to clear his name. We set up our SearchPaks and scanned all five machines. By 4:00 p.m. that day, some four hours after the handover, I was able to inform the investigators that the machines were clean. This would have taken days using conventional methodology. The investigators were impressed, and the suspect was grateful that we quickly identified them as innocent. This is a good example where a negative can have a positive outcome and speedy resolution can prevent claims against law enforcement for undue delay in keeping the machines. I can see this taking off at a pace, when managers recognize its acceptable minimum risk and huge time-saving benefits. To use the old cliché, ‘We need to work smarter, not harder.’”

Forensic examiner, Durham Police

“We triaged nine computers at one time and it took only two and a half hours. Amazing! We had to search a suspect’s work location but it required the examination of ten computers. That would have taken hours, if not days, of time to do in the past. We set up the SearchPaks® and tested them on our own computers with success. We then went to the business at 10 a.m. and were told the suspect was coming in at 1 p.m. to work on her day off. We got all the systems up and running in minutes and all the triage scans were done in two and a half hours. The ADF Triage program was outstanding and a time-saver.”

Forensic examiner, Victoria Police Department