Forward operators can exploit media and gather critical intelligence in under 2 minutes with the #1 DOMEX tool.
- Ability to run in stealth mode
- Portable and lightweight deployment utilizing an unmarked rugged USB key
- Scan and Image Chrome OS computers such as Chromebooks
- Image live macOS computers via our remote agent and create an AFF4 logical image
- Image live ARM CPU-based Window devices
- Highly configurable artifact and file collection including web browser cached files, social media, P2P, Cryptocurrency, cloud storage, user login events, anti-forensic traces, saved credentials, files shared via Skype, USB history, user connection log, etc.
- Recover deleted records from apps using the SQLite database
- Supports collection of forensic artifacts from Windows and macOS (including T2 and M1 chips)
- Search and collect emails including MS Outlook, Windows Mail, Windows Live Mail 10, Apple Mail
- Investigate attached devices, live powered-on computers, boot scans from powered-off computers, forensic images, the contents of folders, and network shares (including shares made available by NAS devices)
- Simple multi-workstation deployment with a single configuration file
- Rapid data collection from computers and digital devices
- Prepare a Collection Key without Search Profiles to select Captures just before the scan
- Prepare a Collection Key with pre-configured or custom Search Profiles
- Ability to protect the Collection Key with BitLocker
- Ability to borrow license tokens for Collection Keys
- Discover remote Mac OS agents automatically
- Deploy user-created Captures to the Collection Key when not using Search Profiles
- Supports collection of artifacts from Windows and macOS (including T2 and M1 chips)
- Create new log files for logical images
- Simplified data container to store Mac logical images with the ability to process local images from the data container
- Rapidly search suspect media using large hash sets (>100 million)
- Find relevant files and artifacts using powerful keyword and regular expression search capability
- Use password and recovery key to decrypt and scan or image BitLocker volumes including those using the new AES-XTS encryption algorithm introduced in Windows 10
- Process APFS partitions, NTFS, FAT, HFS+, EXT, ExFAT, and YAFFS2 file systems, compute MD5 and SHA1 on collected files for integrity validation
- Capture RAM and volatile memory
- Collect password-protected and corrupted files for later review
- Collect iOS backups on target computers
- Image drives Out-of-the-box with image verification and imaging log file
- Recover images from unallocated drive space
- Recover deleted records from apps using the SQLite database
- Detect and warn of BitLocker and FileVault2-protected drives
- Leverage powerful boot capability (including UEFI secure boot and Macs) to access internal storage that cannot easily be removed from computers
- Direct access to the Capture screen with the ability to define the time range of data collection, define collection per app in a Search Profile, select Captures and apps before a live or boot scan, and exclude folders from the scan
- View results while a scan is running
- View thumbnail(s) of attached reference files (displays them in the HTML/PDF report as well)
- In gallery view, filter out images that aren’t rendered
- View chat conversations with bubbles to easily identify the senders and receivers with “Message Thread” hyperlink to select individual conversations
- Filter search results with sorting and search capabilities (dates, hash values, tags, text filters, and more)
- Search scan results using keywords, with results categorized by record type
- View pictures and videos organized by visual classes such as people, faces, currency, weapons, vehicles
- View links between files of interest and user’s activities such as recently accessed files, downloaded files, attachments, and more
- View highlighted encrypted files in the scan summary
- Redact previews when exporting a report
- The ability to Undock Frames panel tab
- Inspect video using comprehensive video preview and frame extraction
- Automatically tag hash and keyword matches
- Define new file types and select individual ones to be processed
- Display provenance, including comprehensive metadata, of all relevant files and artifacts
- Reorder or disable post-scan tasks (classification of pictures, videos, or entity extraction) to run in the Viewer
- ADD-ON: Entity Extraction and Language Translation Gisting (230 languages) available
- Precisely select which files and artifacts to export
- Import hash values from a VICS/CAID database with the possibility to select categories,
- Import keyword list and prompt for default tags and comments if none are in the CSV file
- Import hash values from the CSV file and prompt for default tags and comments if none are in the CSV file
- Export errors when importing keywords or hash values
- Log issues when importing data
- Customize your report to show specific columns and redact pictures
- Present information in a table or list
- Include original files or previews only
- HTML and PDF reporting options
- Export to other forensics applications with VICS / Project VIC (JSON) or CSV formats
- Export to the Orchesight platform
- Share scan results with a portable standalone viewer
The Triage G2 Software Kit Includes:
- One portable case
- One 500GB high-speed SSD USB Key
- One four-port USB hub
- One USB-A to USB-C adapter
- One Adapter USB-C to Ethernet and 3 USB-A
- One Ethernet Cable
- Software Maintenance and Support
Request a Quote
Recommended Technical Specs:
- Windows 10 64-bit
- Intel i7 CPU
- 8GB Minimal, 16GB of RAM Recommended
- 500GB PCIe NVMe SSD hard drive
Request a Quote
ADF Solutions digital forensic experts designed the Triage-G2 Certified User training to equip both technical and non-technical forward operators with the knowledge and skills they need to use TG2 to immediately extract conclusive intelligence and evidence from computers and digital media.
Course Length
16 Hours: Learners typically take approximately 16 hours to successfully complete the exercises and the final certification exam.
Course Outline
- Introductions and getting started with Triage-G2
- Triage and field use cases
- Preserving digital evidence and the boot process
- Installation and preparing a collection key
- Introduction to the Triage-G2 user interface
- Using a collection key to extract digital evidence
- Case Study 1: Screens, Layouts, Controls
- Case Study 2: Targeted Folders and Using Hashing
- Case Study 3: Keyword Usage
- Case Study 4: Custom Search Profiles
- File Identification
- Search Profile Lab
- Advanced Concepts
- Final Exam
Cost
$995 Online Self-Paced Class (Buy Online Now)
In-Person for Your Team (Request a Quote)