Rapid, Accurate Digital Forensic Triage of Devices

Detego® Field Triage enables end users to quickly identify the relevance of a digital device (computers, USB sticks, memory cards, tablets, external hard drives etc.) during an investigation/operation. Detego® Field Triage provides operators with the flexibility to extract all files or target specifically selected artefacts from Windows, Mac and Linux machines, including password-locked machines via Detego® Boot.
 

 

Capabilities:
  • Flexibility to extract all files or target specifically selected artefacts
  • Traffic light indicator (patent pending 1509436.0) for rapid identification of relevant devices
  • Real-time fly-by preview of files
  • Simple-to-use interface with lightweight USB deployment
  • Forensically sound
  • Covert functionality
  • Seamless integration with Detego® Analyse

 

Watch The Lights

Detego® Field Triage’s colour indicator instantly flashes red when known (illegal/suspicious) files are detected, such as matches against user-defined MD5 and SHA1 hashes, for example indecent images of children, counter-terror databases or organic investigation hashes. It shows amber for suspicious content or activity, such as encryption (BitLocker and TrueCrypt) and predefined keywords, and green if the target computer is clear of a specific search type.

This streamlined process reduces investigation times, training burden and costs, allowing for evidence from the target device to be introduced earlier to a court case.


 

No Constraints

Detego® Field Triage allows complete customisation and flexibility for acquisition location(s). Investigators can customise their acquisition parameters to acquire files from internal / specified drives, removable drives, network drives and user profiles. Acquire all files regardless of date/time and file size, or set parameters in each of these for a tailored acquisition against specific times, regardless of whether the clock on the target’s device is set wrong. Custom file type enables investigators to target specific file types of interest by extension and header.

Detego® Field Triage’s rapid acquisitions capture the entire file and can be targeted at (over 1,000) specific file types and sub groups, including, but not limited to:

Look at a variety of formats such as chats, video, images, and P2P.

Highly configurable search profiles

Detego® Field Triage’s simple-to-use user interface allows the end user to run a full digital acquisition at the click of a button. Acquisition options include:

  • Quick Config – has been designed for frontline investigators in time-pressured environments such as Counter Terror, maximising ‘quick win’ potential with rapid access to potentially critical evidence and intelligence
  • Advanced Config – provides the investigator complete flexibility and customisation of required search criteria. This includes the ability to limit collateral digital intrusion, assisting with compliance and any warranty issues as well as covering all crime types
  • Last Run – re-run the last acquisition profile that a removable device performed
  • Select Profile – pre-configure your device to suit the objectives of your investigations and use multiple profiles for different operations and crime types. This also means that non-technical investigators can simply insert the USB stick into the target computer and perform a forensically sound digital acquisition and investigation without detailed technical knowledge

View our Detego Field Triage PDF for more information.

Part No:
AP-DET-FIELD