Solution Guide

Triage
What is Triage?
Triage allows the digital forensics investigator to browse the data contained on
suspect devices and to make decisions as to which devices are actually
evidentiary and worth seizing for immediate imaging on site (if the data
comprises a small volume) or for later imaging in the datacenter. This ability to
preview and seize only select target devices can substantially reduce the delays
that affect investigators’ ability to present evidence in a timely fashion. Triage
can curtail the backlog of storage devices awaiting imaging back at the forensics
lab, using fewer resources, avoiding adding to an already overloaded ingestion
queue, and dramatically reducing operating costs.
Dell’s Triage Solution Advantage
Mobile
Dell’s Digital Forensics Solution can be at the crime scene with the investigator;
all components have been thoroughly pre-tested to work together, and they
cover a broad range of target device ports and connectors that you might expect
to find in the field.
Fast
Existing forensic triage solutions can be slow and may even miss data because
they perform tasks, such as keyword searches or hash matching, during data
collection. Dell’s Digital Forensics Solution overcomes this obstacle by using
the computing power of the Dell ruggedized laptop rather than the target PC to
perform analysis on the collected data. In some cases, you may be able to bypass
imaging and indexing processes in the forensics lab altogether.