Triage and Digital Forensic Strategy
Slides are available for Bruce Ramsay’s recent presentation on Triage
In the presentation Bruce explored:
- How can triage be used most effectively?
- How do triage techniques fit into the overall Digital Forensic Strategy?
- When are triage techniques most appropriately used, and when are they inappropriate?
- When should triage be used on-site, through a kiosk, and as a means of prioritisation in the lab?
Key Learning Points:
- A digital forensics strategy without triage introduces backlog delay risk, which can be significant.
- There is a need and place for triage in a digital forensics workflow.
- Triage should not simply be a case of doing a ‘light’ exam on a restricted search space, although that has been best practice so far.
- Cyan Forensics have created a new tool for Triage, based on best practice, and it’s available to trail with your data now.
With increasing numbers of digital devices submitted for evidence, good triage techniques offer the potential to sift rapidly and reduce the number of devices subjected to a full examination.
Used properly, triage can reduce risk and costs associated with investigations, as well as addressing shortages of digital forensics capacity. However, poorly conducted triage can miss important evidence and increase risks.
Please enter your details to receive a download link: