Quickly and Easily Scan Computers for Cyber-related Crimes
Today’s forensic investigators and first responders must have the ability to quickly investigate and extract evidence from computers and other digital devices for access to time-sensitive information and to assist forensic labs by qualifying devices for seizure. However, the biggest challenges today are complex software, bulky hardware, and time-consuming data collection and analysis.
In partnership with the U.S. Department of Homeland Security Science and Technology, ADF Solutions has designed Triage-Responder with easy-to-use, lightweight USB deployment and detailed field reporting capabilities specifically for nontechnical users.
Triage-Responder has been designed specifically to be used by nontechnical first responders and deployed using a small, portable Triage key (a 32GB USB drive) that requires no computers or other heavy equipment. A simple two-step process to scan and analyze is all it takes to extract incriminating evidence from a digital device.
Triage-Responder comes complete with preconfigured Search Profiles. However, unlike other ADF triage tools Triage-Responder cannot be used to create or customize SearchPaks and Search Profiles (click here for more information). As a result, nontechnical investigators require minimal training to efficiently use the tool. It is highly recommended that investigators undergo minimal training to secure the chain of custody. Click the image below to view software screenshots.
Triage-Responder searches the entire target drive in four categories and integrates unique technologies, including ActivitySensorTM that allow investigators to find and collect high value files as quickly as possible. This technology is critical in scenarios where investigators have limited time to scan a computer.
The digital evidence and data collected can be viewed immediately on the suspect computer. Click the image below to view software screenshots.
Triage-Responder deploys ADF patented SearchPak® technology to identify and collect relevant evidence. The tool also collects extensive system captures for example, Internet search and browsing histories, browser map search history, USB device history, most-used applications and more.
HTML reports can easily be created with a single click.
When out in the field, it is critical that first responders and investigators have a simple, single tool that can extract evidence and intelligence from multiple devices and systems. Triage-Responder was designed with this in mind and supports multiple operating platforms including Windows, Macintosh, and Linux.
When first responders cannot risk losing valuable digital evidence by turning off a suspect computer, they need to be able to capture this evidence in the least intrusive and most thoroughly documented method. Triage-Responder allows live analysis of computers running Windows, minimizing the risk of losing valuable evidence by capturing all volatile data, including memory, from all 32-bit and 64-bit Windows operating systems.
A forensically sound tool, Triage-Responder securely and rapidly captures digital evidence and intelligence while maintaining the integrity of the case and chain of custody with its ability to run scans on dead (turned-off) computers. Unlike any other triage tools today running a live scan, ADF tools do not alter file times and dates.
Triage-Responder includes advanced image-matching technology that bypasses the traditional hash value limitations for identifying altered and similar images, including those that have been deleted or found in Thumbs.db files. This technology has helped identify conclusive evidence without deploying time-consuming forensic resources.
The Triage-Responder Kit includes:
- One portable mini travel case
- One 32GB high-speed USB key
- One boot CD
- One plastic teasing needle
ADF tools have been selected and deployed by agencies worldwide. Click here for customer testimonials.