ADF Solutions Triage-Examiner
May 01, 2012
Triage-Examiner one-year software license (includes kit): $1,448; one-year license renewal: $999; Lab Add-On module one-year software license: $699; one-year license renewal: $499.
- Strengths: Can use with multiple computers simultaneously, great customer support, clear reports.
- Weaknesses: Initial setup and documentation cause confusion.
- Verdict: Excellent product, streamlined and ideal for collection prior to full investigation.
We first installed Triage-Examiner by inserting the Triage Key USB into the target computer, a step that required little user interaction. The same key is later prepared to conduct the examination. The first time the software is used, users must insert the Authentication Key USB to back up the license file. The console opens and users can select either a quick or complete scan. When preparing a scan, the user selects which drive to search and what to search for. From here, the Triage Key can be removed and plugged into any computer. An auto-run box pops up and the scan can begin. Scans provide a live feed of progress and results by category. Users can suspend the scan at any time to view the results up to the interruption. When the scan is done, evidence is clearly presented in a regimented report, which can be exported as HTML and converted to a PDF. Reports offer tags, which use color codes to label evidence by significance. The speed and presentation of Triage-Examiner's collected evidence were impressive.
The Triage Key has a third functionality, which is replicated in the bootable CD: If a target device is turned off or locked, the USB or CD can reboot the system. The Lab Add-On option is a third USB. This allows the user to scan suspect drive images, write-blocked physical drives and other removable media.
This is a powerful and versatile forensic tool. It is compatible with Apple products and any other removable media devices. The user interface is refreshingly simple to navigate: buttons are large, and certain options provide a quick description of functionality. The reports are very clear, albeit lengthy, and provide a tally of tagged items.
The documentation that came with the Triage-Examiner leaves something to be desired. Screen shots are either blurry or small, and there is little to no description per image. Certain instructions are not clearly explicated, though they can be figured out or clarified by customer service - which is not offered 24/7, but is available by phone, email or an online support ticket. If customer assistance is unavailable by phone, voicemail is offered with a timely response. The service reps were quite familiar with the product, providing extensive assistance and instruction.
The price for the Triage-Examiner and Lab Add-On, both complete with a one-year license, is $2,187. The one-year license renewal is $999 for Triage-Examiner by itself and $499 for the Lab Add-On. This product is worth the price. As a forensic examination tool that is used prior to a full investigation, it is very strong.