ADF Solutions Triage-G2
May 01, 2013
Three-year Triage G-2 software license with kit: $4,148; three-year license renewal: $3,999.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Easy and quick to configure and use.
- Weaknesses: Collection speed was good, but for a very large suite of machines to be tested the process could become time consuming.
- Verdict: A solid triage tool with a lot of history evident in its maturity.
ADF Solutions' Triage-G2 Pro was quick to set up and use. All we had to do was download the software, configure the triage key so it knew what to collect, plug the key into the targeted device, and then analyze the information. The GUI was simple to navigate since there were only a few options on the program the user could choose. The software had preset search options, and if the search options were not what the user needed, one could have easily customized their own configuration. The simple GUI promotes the product's ease of use making it simple for the novice user to navigate - even with minimal training. Scanning was even easier than configuring. All we had to do was plug the USB into the device and press the scan button. When scanning Apple computers we did run into some challenges in figuring out the scanning process, but we were able to find a solution and resolve conflicts.
There are a large variety of ways to scan: The user can search for image signatures, hash values, file collections, keywords and much more. If a computer was on, a live scan could be conducted. If the computer was off, the triage key (USB device) with the boot disc can boot the computer and run the scan. When other triage tools are conducting live scans, file times and dates often are altered. That is not the case with the Triage-G2, and when rebooted there are no changes made to the hard drive. Right before a live scan, the user is able to name the report and configure last-minute keywords for easy reporting.
When the triage key was plugged into the targeted computer, it scanned reasonably quickly and found everything we configured it to find. However, for a large number of computers, the total scanning time can mount up. This contrasts, of course, with the time to image a large number of disks fully with no guarantee that the sought-after data is present. This is the reason that triage tools make a lot of sense for such assignments. Also, the ability to gather important data rather quickly and clandestinely should appeal to undercover investigators, intelligence operatives and the military.
For fast intelligence, users are able to view the results of the scan on the target device before moving on to the next device. When the USB was pulled - before it was done loading - the data was not corrupted. One great feature is the key's size, an important factor when it comes to mobility for an operative or a soldier who is doing field work.
There is also a help function built into the software. The function did not have much more visual assistance than did the initial setup, but it did go more in-depth in the more advanced options. The product had great online customer support. When an email was sent pertaining to the software, tech support responded within the hour. A phone call connected us to a friendly and knowledgeable staff who were willing to work us through any problems encountered.
Though the product is not cheap, the keys features save time and resources in comparison to fully imaging a specific target. For fast intelligence or large-scale investigations, this product is ideal and the expense is well justified. The Triage-G2 Pro is a competent product offering a solid user experience.
Sign up to our newsletters
SC Magazine Articles
- CTB-Locker ransomware variant being distributed in spam campaign
- 'Sexy Girls' wallpaper app in Google Play store accessed account info
- Proposed CFAA revisions agitate IT security community
- New attack uses ransomware to drop trojans and keyloggers
- Firm finds link between Regin spy tool and QWERTY keylogger
- Zeus variant targeting Canadian banks, U.S. banks may also be a target
- Winnti trojan may help set stage for Skeleton Key attacks, analysts say
- FTC settles with revenge porn site operator
- Upatre, Dyre used in Univ. of Florida attack
- Wisconsin chiropractic clinic notifies 3,000 patients of insider breach