Detego Field Triage

Detego Field Triage is a portable digital forensic tool for field-based investigators to acquire and act on data captured from PCs, laptops and servers. Part of the wider Detego® Unified Forensics Platform, it’s deployed onto a removable storage device or external hard drive, placing an incredibly powerful forensic exploitation tool into the hands of non-technical investigators.

RAPID AUTOMATED TRIAGE

The intuitive triage functionality within this tool automatically alerts the investigating officer to any suspicious items through a Red, Amber and Green (RAG) status alert. This visual confirmation allows the user to determine the severity of the content or activity contained on the device and decide whether further investigation or arrest is necessary. A ‘Red’ warning indicates that known files have been detected, for example, an MD5, SHA1 or SHA256 hash linked to an IIOC or counter-terrorism file. An ‘Amber’ alert happens when suspicious content such as a pre-defined keyword, IP address, MAC address or other value (in any language) is matched. If no amber or red criteria have been met at the end of the acquisition, the indicator will turn ‘Green’, meaning the target computer is clear of a specific search type.
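The Red/Amber/Green decision described above can be expressed as a hash-set lookup followed by a watch-list search. This is an added example, not Detego's code: the function names (`file_digests`, `amber_hits`, `triage`, `demo`), the watch-list values and the sample files are all constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digests(path, chunk=1 << 20):
    """MD5, SHA-1 and SHA-256 of one file, computed in a single streaming pass."""
    hashers = [hashlib.md5(), hashlib.sha1(), hashlib.sha256()]
    with open(path, "rb") as f:
        while block := f.read(chunk):
            for h in hashers:
                h.update(block)
    return {h.hexdigest() for h in hashers}

def amber_hits(path, terms):
    """Watch-list terms found in the file, tried as UTF-8 and UTF-16LE text."""
    data = Path(path).read_bytes()  # whole-file read: fine here, stream for big files
    hits = set()
    for enc in ("utf-8", "utf-16-le"):
        text = data.decode(enc, errors="ignore").casefold()
        hits |= {t for t in terms if t.casefold() in text}
    return hits

def triage(root, known_hashes, terms):
    """Return (status, findings); RED outranks AMBER, GREEN means no match."""
    known = {h.lower() for h in known_hashes}  # hexdigest() is lowercase
    status, findings = "GREEN", []
    for p in sorted(q for q in Path(root).rglob("*") if q.is_file()):
        try:
            if file_digests(p) & known:
                findings.append(("RED", p.name, "known hash"))
                status = "RED"
            elif hits := amber_hits(p, terms):
                findings.append(("AMBER", p.name, sorted(hits)))
                status = "AMBER" if status == "GREEN" else status
        except OSError as err:  # unreadable file: record it, keep scanning
            findings.append(("ERROR", p.name, str(err)))
    return status, findings

def demo():
    """Run the triage over three constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "holiday.jpg").write_bytes(b"constructed known-file bytes")
        (root / "notes.txt").write_text("meet at 203.0.113.7 tonight")
        (root / "todo.txt").write_text("buy milk")
        known = {hashlib.sha1(b"constructed known-file bytes").hexdigest()}
        return triage(root, known, ["203.0.113.7", "00:1A:2B:3C:4D:5E"])

if __name__ == "__main__":
    print(demo())
```

Because a hash match only identifies byte-identical files, a ‘Green’ result here means no listed hash or term was found, not that the device holds nothing of interest.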

SPEED UP THE INVESTIGATIVE PROCESS AND INCREASE THE POSSIBILITY OF AN INSTANT CONVICTION

USERNAMES & PASSWORDS ACQUISITION

Detego® Field Triage can now scan a target laptop, PC or server and acquire a list of all of the usernames and passwords used on that device in less than 30 seconds. With its built-in triage capability, a non-technical investigator can either view these passwords live at the scene or choose to review a more detailed report later.

EASY-TO-USE DEPLOYMENT

Specifically designed to combat the main obstacles faced by investigators, the Detego® Field Triage software can be licensed to removable storage devices, providing a pocket-sized acquisition tool perfect for frontline agents. It features an intuitive interface that’s easily operated by non-technical users, with a training overhead of just 30 minutes.

HIGHLY CONFIGURABLE SEARCH PROFILES

  • Quick Start: This configuration is ideal for time-sensitive environments where there is a need for rapid access to potentially critical evidence and intelligence.
  • Physical Extraction: With just one click you can create an image of the target device’s physical drive.
  • Run a Stock Profile: Choose from one of the pre-loaded extraction profiles designed to give you quick wins in the shortest time.
  • Run a Most Recent Profile: Re-run the last acquisition profile that a Detego® Field Triage device performed.
  • Create a New Profile: Pre-configure your device to suit the objectives of your investigations and use multiple profiles for different operations and crime types.
  • Load a Profile: Once different profiles specific to your investigations have been created, they can be easily loaded and run so that a non-technical investigator can then insert a USB stick into a target computer and perform a forensically sound acquisition.

INVESTIGATIVE QUICK WINS

For rapid results, choose Detego® Field Triage. Simply connect the tool to a target device and, in a few steps, a forensic examiner can have access to valuable insights, significantly speeding up the investigative process and increasing the possibility of an instant conviction.