Triage-Investigator

Rapid Evidence Collection, Analysis, and Reporting

Triage-Investigator® is ADF's automated intelligent forensic triage tool designed for field deployment with Digital Evidence Investigator®. The software has a proven track record of providing easy and quick access to court-defendable evidence.

Rapidly assess Mac, Windows, Linux, ChromeOS, and external drives for prohibited materials like CSAM, usernames, and contacts in both field and laboratory settings.

Forensic Examiners can process cases and leverage investigators to assist forensic labs with the rapid collection, analysis, reporting, and management of digital forensic backlogs.

Triage-Investigator® is easy-to-use, easily configurable, supports a wide array of computer hardware, has powerful boot capabilities, is forensically sound, and comes with technical support and regular upgrades.  

Key Highlights

  1. Eliminate manual scans
  2. Scan multiple computer and storage devices for evidence 
  3. Employ hash matching to pinpoint files from established hash sets such as VICS or CAID
  4. Use built-in search profiles for swift evidence discovery

Triage-Investigator Automated Computer Forensics Tool

Intro to Triage-Investigator

With Triage-Investigator®, agencies can expand their field capabilities, maintain control, and give their investigators the tools they need in the field to solve cases faster.

 

TINV Kit2024

Triage-Investigator

Fast Automated Computer Investigations for Field and Lab

Forensic Examiners and Investigators around the world rely on Triage-Investigator® to investigate computers and devices in their forensic lab or on-scene. TINV prioritizes and collects files and artifacts fast with suspect, witness, or victim evidence presented in a timeline view and leverages powerful forensic Search Profiles to locate valuable digital evidence fast.

Prioritize speed in evidence collection and use in the field or in lab investigations with minimal training.

  • Image live macOS computers via our remote agent and create an AFF4 logical image
  • Scan and Image Chrome OS computers such as Chromebooks
  • Highly configurable file and artifact collection including web browser cached files, social media, P2P, Cryptocurrency, cloud storage, user login events, anti-forensic traces, saved credentials, files shared via Skype, USB history, user connection log, etc.
  • Recover deleted records from apps using the SQLite database
  • Artifact collections are collected in parallel to accelerate their collection
  • Supports collection of forensic artifacts from Windows and macOS (including T2 and M1 chips)
  • Search and collect emails including MS Outlook, Windows Mail, Windows Live Mail 10, Apple Mail
  • Investigate attached devices, live powered-on computers, boot scans from powered-off computers, forensic images, the contents of folders, and network shares (including shares made available by NAS devices)
  • Prepare a Collection Key without Search Profiles to select Captures just before a scan
  • Prepare a Collection Key with pre-configured or custom Search Profiles imported from Digital Evidence Investigator (Note: Custom Search Profiles can only be created in DEI or DEI PRO)
  • Protect the Collection Key with BitLocker
  • Ability to borrow license tokens for collection keys
  • Discover remote Mac OS agents automatically
  • Deploy user-created Captures to the Collection Key when not using Search Profiles
  • Create new log files for logical images and process logical images from the data container
  • Simplified data container to store Mac logical images
  • Enter keywords just before a live/boot scan
  • Rapidly search suspect media using large hash sets (>100 million), including Project VIC (VICS 2.0) and CAID
  • Find relevant files and artifacts using TINV's powerful keyword and regular expression search capability
  • Image drives Out-of-the-box with image verification and imaging log file
  • Use password and recovery key to decrypt and scan or image BitLocker volumes including those using the new AES-XTS encryption algorithm introduced in Windows 10
  • Process APFS partitions, NTFS, FAT, HFS+, EXT, ExFAT, and YAFFS2 file systems, compute MD5 and SHA1 on collected files for integrity validation
  • Capture RAM to acquire volatile memory
  • Collect password-protected and corrupted files for later review
  • Collect iOS backups on target computers
  • Detect and warn of BitLocker and FileVault2-protected drives
  • Leverage Triage-Investigator's powerful boot capability (including UEFI secure boot and Macs) to access internal storage that cannot easily be removed from computers
  • Direct access to the Capture screen with the ability to define time range of data collection, define collection per app in a Search Profile, select Captures and apps before a live or boot scan, and exclude folders from the scan

Use the single timeline view that combines files and artifact records with a user’s actions.

  • Leverage facial analysis age detection to quickly sort and identify infants, toddlers, children, and adults
  • View results while a scan is running 
  • View chat conversations with bubbles to easily identify the senders and receivers with “Message Thread” hyperlink to select individual conversations
  • Filter search results with sorting and search capabilities (dates, hash values, tags, text filters, more)
  • Search scan results using keywords, with results categorized by record type
  • View pictures and videos organized by visual classes such as people, faces, currency, weapons, vehicles, indecent pictures of children
  • View links between files of interest and user’s activities such as recently access files, downloaded files, attachments, and more
  • View highlighted encrypted files in the scan summary
  • Redact previews when exporting a report
  • Comprehensive video preview and frame extraction
  • Automatically tag hash and keyword matches
  • Define new file types and select individual ones to be processed
  • Display provenance, including comprehensive metadata, of all relevant files and artifacts
  • Reorder or disable post-scan tasks (classification of pictures, videos, or entity extraction) to run in the Viewer

Digital Evidence Investigator software lets you create a standalone portable viewer for further analysis and reporting for prosecutors and other investigators.

  • HTML, PDF, and CSV Reporting Options
  • Customize your report to show specific columns and redact pictures
  • Precisely select which files and artifacts to export
  • Present information in a table or list
  • Include original files or previews only
  • Share portable reports with a standalone viewer (no license required to view, analyze, and tag)
  • Export in JSON format
  • Export to other forensics applications with VICS / Project VIC (JSON) or CSV formats
  • Export to the Orchesight platform

The Digital Evidence Investigator Software Kit Includes:

  • One Portable Travel Case
  • One Licensed Triage-Investigator® Software Authentication Key
  • One 500GB SSD Collection Drive
  • One 4 Port USB Hub
  • One USB-A to USB-C adapter
  • One Cable USB-A to USB-C
  • Software Maintenance and Support

Request a Quote

Recommended Technical Specs:

  • Windows 10 64-bit
  • Intel i7 CPU
  • 8GB Minimal, 16GB of RAM Recommended
  • 500GB PCIe NVMe SSD hard drive

Request a Quote

ADF Solutions digital forensic experts designed the Triage-Investigator Certified User Training as online learning to equip non-technical investigators with the knowledge and skills they need to use Triage-Investigator to perform forensic triage to collect and extract evidence from computers and digital media.

Course Length

8 Hours: Learners typically take approximately 8 hours to successfully complete the exercises and the final certification exam.

Course Outline

  • Introductions and getting started with Triage-Investigator
  • Terminology
  • Triage and field use cases
  • Preserving digital evidence and the boot process
  • Installation and preparing a collection key
  • Introduction to the Triage-Investigator user interface
  • Using a collection key to extract digital evidence
  • Case Study 1: Screen, layouts, and controls
  • Case Study 2: Live scans and analysis
  • Case Study 3: Reporting
  • Case Study 4: Desktop scans and fraud case analysis
  • Importing Search Profiles 
  • Final Exam 

Cost

$695 Online Self-Paced Class (Buy Online Now)

In-Person for Your Team (Request a Quote)

"The quickness and user interface, as well as the ability to shape the triage and target certain types of investigations, have impressed everyone."

Computer Forensic Analyst

U.S. Federal Agency