3 Reasons Investigators Need Triage

Today’s smartphones, tablets, and computers are faster, smarter, and capable of holding more and more data than ever before. They offer more storage and the ability to connect to the cloud and to Internet of Things (IoT) devices.  

Faced with more and more data, more and more police forces are adopting forensic triage methodologies to handle digital evicence on-scene, in the lab, or both in the field and lab. 

What’s Wrong with Traditional Digital Forensics?

There will always be a need for the traditional model of deep-dive forensics. However, with advances in digital storage capacity, the proliferation of the Internet, its ability to connect devices, and increasingly high speeds of processing and connectivity, there has been an explosion of digital data which can overwhelm traditional methodologies. The result? Digital forensic backlogs. 

Why Investigators Need Digital Forensic Triage

The approach to forensics does not require just one approach, but adopting triage has clear benefits.

1. More Data Than Ever:  Statistics point to as much as 2.5 quintillion bytes of data created every single day, and this amount is only going to increase. When we explained what Digital Forensic Triage is, we emphasized that prioritizing evidence when you have a dearth of data can be the difference between a successful or a failed investigation. The use of digital forensic triage allows investigators to quickly collect, analyze, and report the data that is top-priority, rather than digging through mountains of digital data. 
2. Less time → Delays → Backlog:  We don’t deny the need for deep dive on data. However, the benefit of digital forensic triage is front-line agents can collect and analyze evidence on-scene to find low-hanging fruit, or determine if a target device needs to be seized. This is ideally done in the field, but some digital forensic labs successfully deploy triage as part of the intake process to prioritize devices that need to be examined.
3. Ease of Use for All:  Digital forensic triage gives agencies and departments the option to deploy triage software to non-technical investigators while highly trained digital forensic experts and examiners can still maintain control over the investigative process and require adherence to standard operating procedures. 

We’ve touted the clear benefits of using a digital forensic triage methodology, and now we’ve brought the tools to easily deploy triage tools to the front-line. Introducing Field Investigator^TM for Teams, a comprehensive bundle that brings together the control and power of Digital Evidence Investigator with the easy-to-learn Triage-Investigator.