Triage-G2 PRO

Smartphone & Computer Media Exploitation

Triage-G2® PRO is the industry's leading media exploitation tool deployed by special forces, military, and intelligence agencies worldwide. The tool has a proven track record of supporting sensitive site exploitation operations (including DOMEX, MEDEX, and tactical media exploitation as a key component of biometric identity kits).
Designed for non-technical operators, Triage-G2 PRO will rapidly scan, extract, and analyze critical intelligence from iOS/Android smartphones, tablets, computers, and digital devices. The tool can be deployed in the field for reconnaissance on a small, rugged USB key.

Triage-G2 Pro: Smart Phone & Computer Media Exploitation Tool

Intro to Triage-G2 PRO

Triage-G2® PRO is the all-in-one smartphone and computer media exploitation software built for speed, scalability, and ease of use by field operators who need rapid acquisition. ADF's powerful DOMEX capabilities let you spend less time on target. 

No video selected

Select a video type in the sidebar.

Triage-G2® Pro Media Exploitation Kit (2)

Triage-G2 PRO

The Sensitive Site Exploitation Tool You Need for Your Mission

Triage-G2® PRO is the all-in-one smartphone and computer media exploitation software built for speed, scalability, and ease-of-use by field operators who need rapid acquisition. ADF software quickly processes and analyzes smartphones (iOS and Android), computers, external drives, drive images, and other media storage (USB flash drives, memory cards, etc.).  

With TG2 PRO, you get all the capabilities of Triage-G2® and Mobile Device Investigator™ in a single license. Empower your military and intel teams to collect, analyze and report on digital evidence 

Exploit computers, smartphones, and digital devices with a two-step process. Triage-G2 is built to run in Stealth Mode and deliver digital intelligence fast! 

  • Advanced logical acquisition of iOS/Android data up to 4GB per minute
  • Live Preview Mode - View phone content immediately without waiting for a backup or imaging to finish
  • Screen Recording for Android and iOS Devices (up to Android 14 and iOS 16)
  • Screenshots: auto-scroll when taking screenshots of long pages on Android
  • Screenshot: support for the Developer Mode on iOS 16 and Android 14
  • Scan and acquisition support for iOS 16 and Android 14
  • Scan & Image: discover remote Mac OS agents automatically
  • Image live macOS computers via our remote agent and create an AFF4 logical image
  • Capture and organize screenshots of connected mobile devices while navigating with automatic processing to extract and index text for search, annotation and reporting
  • Recover call records, messages, saved contacts and calendar data
  • Recover WiFi connections, installed applications and Android user accounts
  • Recover pictures, videos, audio files, documents and user-defined file types
  • Recover database files and Property Lists for later review
  • Recover browsers, browsing history, download history, search terms, form data, bookmarks, more
  • Recover and process deleted partitions
  • Capture Revolut mobile app data and organize it in a financial transactions table (iOS)
  • Search for specific information using keywords, regular expressions, hash values and PhotoDNA
  • Identify files or artifacts containing terms related to child exploitation
  • iOS devices: Automatically encrypt backup to obtain more data
  • Capture RAM and volatile memory
  • Rapidly search suspect media using large hash sets (>100 million), including VICS 2.0 and CAID
  • Find relevant files and artifacts using powerful keyword and regular expression search capability
  • Collect password protected and corrupted files for later review
  • Collect iOS backups on target computers
  • Recover deleted records from apps using the SQLite database
  • Supports collection of artifacts from Windows and macOS (including T2 and M1 chips)
  • Image drives out-of-the-box with image verification and imaging log file
  • Recover images from unallocated drive space
  • Detect and warn of BitLocker and FileVault2 protected drives
  • Search and collect emails: MS Outlook, Windows Mail, Windows Live Mail 10, Apple Mail
  • Highly configurable artifact and file collection including web browser cached files, social media, P2P, Cryptocurrency, cloud storage, user login events, anti-forensic traces, saved credentials, files shared via Skype, USB history, user connection log, etc.
  • Investigate attached devices, live powered on computers, boot scans from powered off computers, forensic images, contents of folders and network shares (including NAS devices)
  • Prepare a Collection Key without Search Profiles to select Captures just before a scan
  • Prepare a Collection Key: Protect the Collection Key with BitLocker (instead of the Search Profile option)
  • Prepare a Collection Key: ability to borrow license tokens for Collection Keys
  • Use password and recovery key to decrypt and scan or image BitLocker volumes including those using the new AES-XTS encryption algorithm introduced in Windows 10
  • Process APFS partitions, NTFS, FAT, HFS+, EXT, ExFAT, and YAFFS2 file systems, compute MD5 and SHA1 on collected files for integrity validation
  • Leverage the powerful boot capability (including UEFI secure boot and Macs) to access internal storage that cannot easily be removed from computers
  • Scan full mobile device acquisitions and detect keychain/keystore files (GrayKey, UFED)
  • Scan Setup: define time range of data collection, define collection per app in a Search Profile, select Captures and apps before a live or boot scan and exclude folders from the scan
  • Scan Setup: deploy user-created Captures to the Collection Key when not using Search Profiles
  • Scan Setup: direct access to the new Capture screen
  • Scan: process logical images from the new data container
  • Image: create new log files for logical images
  • Image: use new and simplified data container to store Mac logical images (no more experimental AFF4-L)
  • View results while a scan is running, and filter search results with sorting and search capabilities (dates, hash values, tags, text filters
  • View chat conversations with bubbles to easily identify senders / receivers with message threads
  • View pictures and videos organized by visual classes such as people, faces, currency, weapons, vehicles, indecent pictures of children
  • View links between files of interest and user’s activities such as recently access files, downloaded files, attachments, and more
  • View highlighted encrypted files in scan summary
  • Viewer: ability to redact previews when exporting a report
  • Viewer: undock Frames panel tab
  • Inspect video using ADF's comprehensive video preview and frame extraction
  • Automatically tag hash and keyword matches
  • Leverage Facial Analysis and Age Detection to sort and identify images of infants, toddlers, children, adults
  • Define new file types and select individual ones to be processed
  • Display provenance, including comprehensive metadata, of all relevant files and artifacts
  • Reorder or disable post-scan tasks (classification of pictures, videos, or entity extraction)

Triage-G2 lets you export intelligence and evidence and create reports for military prosecutors and other field investigators.

  • Powerful reporting capabilities (HTML, PDF, CSV)

  • Export in JSON format

  • Select which files and artifacts to export

  • Customize your report to show specific columns and redact pictures

  • Present information in a table or list

  • Share portable reports with a standalone viewer (no license required to view, analyze and tag)
The Triage-G2® PRO Kit includes:  
  • One USB Triage-G2® PRO License Key (TG2 + MDI)
  • One 500 GB high-speed SSD USB key
  • One Four-Port USB Hub
  • USB cables for iOS and Android
  • One Ethernet Cable
  • One Adapter USB-C to Ethernet and 3 USB-A
  • One Portable Travel Case
  • Software Maintenance & Support

Request a Quote


Recommended Technical Specs:

  • Windows 10 64-bit
  • Intel i7 CPU
  • 8GB Minimal, 16GB of RAM Recommended
  • 500GB PCIe NVMe SSD hard drive

Request a Quote

ADF Solutions digital forensic experts designed the Triage-G2 PRO Certified User training to equip both technical and non-technical forward operators with the knowledge and skills they need to use TG2 PRO to immediately extract conclusive intelligence and evidence from cell phones, mobile devices, computers, and digital media. 

Course Length

20 Hours: Learners typically take approximately 20 hours to successfully complete the exercises and the final certification exam.

Course Outline

  • Introductions and getting started with Triage-G2 PRO
  • Triage and field use cases
  • Preserving digital evidence and the boot process
  • Installation and preparing a collection key
  • Introduction to the Triage-G2 user interface
  • Using a collection key to extract digital evidence
  • Case Study 1: Screens, Layouts, Controls
  • Case Study 2: Targeted Folders and Using Hashing
  • Case Study 3: Keyword Usage
  • Case Study 4: Custom Search Profiles
  • File Identification
  • Search Profile Lab
  • Advanced Concepts
  • Final Exam 

PRO Module: Mobile Device Investigator

  • Overview and terminology
  • Connecting a mobile device
  • Conducting a scan
    • Taking Screenshots
    • Search Profiles
    • Creating backups
  • Creating Mobile Search Profiles
  • Analyzing Mobile Evidence  
  • PRO Module Final Exam


$1690 Online Self-Paced Class (Buy Online Now)

In-Person for Your Team (Request a Quote)

"Forward deployed operators require fast lightweight tools. ADF delivers rapid intelligence with automated categorization of valuable intelligence"