The product reduces forensic backlogs and dedicates resources to collecting evidence. Triage-Examiner does not require an image to be made, but offers that capability. The model tested provides a Lab Add-On, and has three total USBs, which can be used as necessary. Each is clearly labeled and colored differently. This product is easy to use and is mostly automated. There are three steps to complete a scan: install Triage-Examiner, select and define the scan, and analyze the automated reports.
We first installed Triage-Examiner by inserting the Triage Key USB into the target computer, which required little user interaction. The same key is later prepared to conduct the examination. The first time the software is used, users must insert the Authentication Key USB to back up the license file. The console opens and users can select either a quick or complete scan. When preparing a scan, the user selects which drive to search and what to search for. From here, the Triage Key can be removed and plugged into any computer. An auto-run box pops up and the scan can begin. Scans provide a live feed of progress and results by category. Users can suspend the scan at any time to view the results up to the interruption. When the scan is done, evidence is clearly presented in a regimented report, which can be exported as HTML and converted to a PDF. Reports offer tags, which use color codes to label evidence by significance. The speed and presentation of Triage-Examiner's collected evidence were impressive.
The Triage Key has a third functionality, which is replicated in the bootable CD: If a target device is turned off or locked, the USB or CD can reboot the system. The Lab Add-On option is a third USB. This allows the user to scan suspect drive images, write-blocked physical drives and other removable media.
This is a powerful and versatile forensic tool. It is compatible with Apple products and any other removable media devices. The user interface is refreshingly simple to navigate: buttons are large, and certain options provide a quick description of functionality. The reports are very clear, albeit lengthy, and provide a tally of tagged items.
The documentation that came with the Triage-Examiner leaves something to be desired. Screenshots are either blurry or small, and there is little to no description per image. Certain instructions are not clearly explained, though they can be figured out or clarified by customer service - which is not offered 24/7, but is available by phone, email or an online support ticket. If customer assistance is unavailable by phone, voicemail is offered with a timely response. The service reps were quite familiar with the product, providing extensive assistance and instruction.
The price for the Triage-Examiner and Lab Add-on, both complete with a one-year license, is $2,187. The one-year license renewal is $999 for Triage-Examiner by itself and $499 for the Lab Add-on. This product is worth the price. As a forensic examination tool that is used prior to a full investigation, it is very strong.