Triage-G2

Rapid Intelligent Media Exploitation

Triage-G2® is ADF's award-winning media exploitation tool deployed by special forces, military, and intelligence agencies worldwide. As the ultimate cyber triage tool, Triage-G2 has a proven track record supporting sensitive site exploitation operations (including DOMEX, MEDEX, and tactical media exploitation as a key component of biometric identity kits).
 
Designed for forward-deployed operators with stealth capabilities, operators follow a rapid 2-step process, Triage-G2® will rapidly scan, extract, and analyze critical intelligence from computers and digital devices. The tool can be deployed in the field for reconnaissance on a small, rugged USB key.

Request a Free Trial
Triage-G2 Intelligent Media Exploitation Tool

Triage-G2

Special Operators deployed worldwide depend on Triage-G2 for rapid Intelligent Media Exploitation -- it's not just a triage download, it's the pocket-sized fully-automated media exploitation tool used by special forces, military, and intelligence agencies worldwide to rapidly scan, extract and analyze critical intelligence and perform forensic triage on computers and digital devices.

No video selected

Select a video type in the sidebar.
Triage-G2® Media Exploitation Kit (2)

Triage-G2

The ultimate Plug and Pay DOMEX tool

Leverage AI/ML and Natural Language Processing (NLP) in a pocket-sized media exploitation tool used by special forces, military, and intelligence agencies worldwide to rapidly scan, extract and analyze critical intelligence from computers and devices.

Buy Now

Forward operators can exploit media and gather critical intelligence in under 2 minutes with the #1 DOMEX tool.

  • Image live macOS computers via our remote agent and create an AFF4 logical image
  • Ability to run in stealth mode
  • Easy-to-use and deploy with minimal training
  • Portable and lightweight deployment utilizing an unmarked rugged USB key
  • Simple multi-workstation deployment with a single configuration file
  • Rapid data collection from computers and digital devices
  • Highly configurable artifact and file collection including web browser cached files, social media, P2P, Cryptocurrency, cloud storage, user login events, anti-forensic traces, saved credentials, files shared via Skype, USB history, user connection log, etc.
  • Prepare a Collection Key without Search Profiles to select Captures just before scan
  • Prepare a Collection Key with pre-configured or custom Search Profiles
  • Prepare a Collection Key: Protect the Collection Key with BitLocker (instead of the Search Profile option)
  • Prepare a Collection Key: the ability to borrow license tokens for collection keys
  • Scan & Image: discover remote Mac OS agents automatically
  • Supports collection of artifacts from Windows and macOS (including T2 and M1 chips)
  • Search and collect emails including MS Outlook, Windows Mail, Windows Live Mail 10, Apple Mail
  • Investigate attached devices, live powered on computers, boot scans from powered off computers, forensic images, the contents of folders and network shares (including shares made available by NAS devices)
  • Rapidly search suspect media using large hash sets (>100 million)
  • Find relevant files and artifacts using powerful keyword and regular expression search capability
  • Image drives Out-of-the-box with image verification and imaging log file
  • Recover images from unallocated drive space
  • Recover deleted records from apps using the SQLite database
  • Use password and recovery key to decrypt and scan or image BitLocker volumes including those using the new AES-XTS encryption algorithm introduced in Windows 10
  • Process APFS partitions, NTFS, FAT, HFS+, EXT, ExFAT, and YAFFS2 file systems, compute MD5 and SHA1 on collected files for integrity validation
  • Capture RAM and volatile memory
  • Collect password protected and corrupted files for later review
  • Collect iOS backups on target computers
  • Detect and warn of BitLocker and FileVault2 protected drives
  • Leverage powerful boot capability (including UEFI secure boot and Macs) to access internal storage that cannot easily be removed from computers
  • Scan Setup: define the time range of data collection, define collection per app in a Search Profile, select Captures and apps before a live or boot scan and exclude folders from the scan
  • Scan Setup: deploy user-created Captures to the Collection Key when not using Search Profiles
  • Scan Setup: direct access to the new Capture screen
  • Image: create new log files for logical images
  • Scan: process logical images from the new data container
  • Image: use new and simplified data container to store Mac logical images (no more experimental AFF4-L)

Use the single timeline view that combines files and artifact records with a user’s actions.

  • View results while a scan is running
  • View chat conversations with bubbles to easily identify the senders and receivers with “Message Thread” hyperlink to select individual conversations
  • Filter search results with sorting and search capabilities (dates, hash values, tags, text filters, more)
  • View pictures and videos organized by visual classes such as people, faces, currency, weapons, vehicles
  • View links between files of interest and user’s activities such as recently access files, downloaded files, attachments, and more
  • Viewer: highlight encrypted files in scan summary
  • Viewer: ability to redact previews when exporting a report
  • Viewer: undock Frames panel tab
  • Inspect video using comprehensive video preview and frame extraction
  • Automatically tag hash and keyword matches
  • Leverage facial analysis age detection to quickly identify infants, toddlers, children, adults
  • Define new file types and select individual ones to be processed
  • Display provenance, including comprehensive metadata, of all relevant files and artifacts
  • Reorder or disable post-scan tasks (classification of pictures, videos, or entity extraction) to run in the Viewer

Triage-G2 lets you export intelligence and evidence and create reports for military prosecutors and other field investigators.

  • Powerful reporting capabilities (HTML, PDF, CSV)
  • Export in JSON format
  • Select which files and artifacts to export
  • Customize your report to show specific columns and redact pictures
  • Present information in a table or list
  • Share portable reports with a standalone viewer (no license required to view, analyze and tag)

 

The Triage G2 Software Kit Includes:

  •  One portable case
  •  One 500GB high-speed SSD USB Key
  •  One four-port USB hub
  •  Software Maintenance and Support

Request a Quote

Recommended Technical Specs:

  • Windows 10 64-bit
  • Intel i7 CPU
  • 8GB Minimal, 16GB of RAM Recommended
  • 500GB PCIe NVMe SSD hard drive

Request a Quote

ADF Solutions digital forensic experts designed the Triage-G2 Certified User training to equip both technical and non-technical forward operators with the knowledge and skills they need to use TG2 to immediately extract conclusive intelligence and evidence from computers and digital media. 

Course Length

16 Hours: Learners typically take approximately 16 hours to successfully complete the exercises and the final certification exam.

Course Outline

  • Introductions and getting started with Triage-G2
  • Triage and field use cases
  • Preserving digital evidence and the boot process
  • Installation and preparing a collection key
  • Introduction to the Triage-G2 user interface
  • Using a collection key to extract digital evidence
  • Case Study 1: Screens, Layouts, Controls
  • Case Study 2: Targeted Folders and Using Hashing
  • Case Study 3: Keyword Usage
  • Case Study 4: Custom Search Profiles
  • File Identification
  • Search Profile Lab
  • Advanced Concepts
  • Final Exam

Cost

$995 Online Self-Paced Class (Buy Online Now)

In-Person for Your Team (Request a Quote)
"Forward deployed operators require fast lightweight tools. ADF delivers rapid intelligence with automated categorization of valuable intelligence"