As digital technology becomes more advanced, the potential for its criminal application is magnified. This can result in overwhelming amounts of digital data for law enforcement to inspect in a limited timeframe. Although opportunities to find digital evidence on a perpetrator's or victim's computer may be numerous, the time it takes to search through such vast quantities of data contributes to the issue of growing forensic backlogs.
The Computer Forensics Challenge
.png?width=310&name=What%20is%20Computer%20Triage_%20(1).png)
Combing through a computer for evidence is an arduous task on its own. However, many cases involve multiple computers to inspect, which makes it difficult for investigators to know which one will provide the most useful evidence. And it's not just the forensic examiners who face an upward battle.
Collecting evidence in the field can sometimes require technical skills that take time and extensive training to develop. Inspecting all of the computers in a lab is extremely time-consuming, especially if there is a forensic backlog to contend with. Transporting computers out of the field comes with the risk of losing sensitive evidence (such as RAM / volatile memory) during the journey to the lab, or as they sit in a lab waiting to be examined. Add that to the challenge of delivering evidence to prosecutors in an appropriate format, and you can see why digital forensics is a complex field.
The Solution: Computer Triage 
Computer ownership and use has skyrocketed in the last few decades, challenging law enforcement to adapt alongside these digital changes. Techniques and programs are used to assist in the collection and analysis of digital evidence. Digital triage allows investigators to develop a plan for collecting the most useful evidence. Depending on the situation and an agency's policies and procedures, this plan can be carried out on-scene or back in the lab.
How Does Forensic Triage Work?
In situations where there are multiple computers and few trained forensic specialists, looking at indicators that suggest a computer may hold valuable evidence, such as browser history and installed software, are useful first steps. Using a forensic triage approach, investigators can prioritize information based on how valuable it is, how much time and effort it will take to analyze it, and how sensitive it is to manipulation. Products like ADF's Triage-Investigator search through immense amounts of data and retrieve relevant files, artifacts, and user history. The software is easy to use and is deployed on memory sticks, so analysis can quickly be done where and when it makes the most sense for the investigation - typically at the scene of the crime.
Choosing a Product
There are a variety of tools for computer triage on the market. It's important to determine which aspects of a triage tool are most useful for the investigation at hand. For instance, you may want a tool that allows an investigator or examiner to preview images or videos during a scan so they can start their analysis immediately instead of waiting until a scan is complete. ADF offers three industry-leading products used by law enforcement, military organizations, and corporations worldwide. To find out which one best suits your needs, compare our products.
Our team is passionate about helping to solve crimes quickly and reduce the digital evidence backlog. For more information or assistance, contact us. We'd love to hear from you.
