On-scene triage open source forensic tool chests: Are they effective?

Shiaeles, Stavros; Chryssanthou, Anargyros; Katos, Vasilios

doi:10.1016/j.diin.2013.04.002

Cited by 12 publications

(5 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The concept of DF triage, particular technical approaches involving the use of software to preview a device's digital content, remains relatively well covered in academic literature (see for example ‐ [12‐14]). However, the aspect of decision‐making, particularly in the context of DBDT undertaken by first responders, lacks analysis.…”

Section: Decision‐based Device Triage’ (Dbdt) At Scenementioning

confidence: 99%

See 1 more Smart Citation

The COLLECTORS ranking scale for ‘at‐scene’ digital device triage

Horsman

2020

Journal of Forensic Sciences

View full text Add to dashboard Cite

As digital evidence now features prominently in many criminal investigations, such large volumes of requests for the forensic examination of devices has led to well publicized backlogs and delays. In an effort to cope, triage policies are frequently implemented in order to reduce the number of digital devices which are seized unnecessarily. Often first responders are tasked with performing triage at scene in order How to cite this article: Horsman G. The COLLECTORS ranking scale for 'at-scene' digital device triage.

show abstract

Section: Decision‐based Device Triage’ (Dbdt) At Scenementioning

confidence: 99%

Section: Decis Ion -Ba S Ed De Vice Triag E' (Db Dt ) At Scenementioning

confidence: 99%

The COLLECTORS ranking scale for ‘at‐scene’ digital device triage

Horsman

2020

Journal of Forensic Sciences

View full text Add to dashboard Cite

show abstract

“…We base our conclusion on the provided description of the system. Shiaeles et al [55] review three open source triage tools and suggest the ways to improve them. The TriageIR, TR3Secure, and Kludge tools are tested for various Microsoft Windows versions.…”

Section: A Hash Database Index Filementioning

confidence: 99%

Methods and Tools of Digital Triage in Forensic Context: Survey and Future Directions

2017

View full text Add to dashboard Cite

Digital triage is the first investigative step of the forensic examination. The digital triage comes in two forms, live triage and post-mortem triage. The primary goal of the live triage is a rapid extraction of an intelligence from the potential sources. The live triage raises legitimate concerns. The post-mortem triage is conducted in the laboratory and its main goal is ranking of the seized devices for the possible existence of the relevant evidence. The digital triage has the potential to quickly identify items that are likely to contain the evidential data. Therefore, it is a solution to the problem of case backlogs. However, existing methods and tools of the digital triage have limitations, especially, in the forensic context. Nevertheless, we have no better solution for the time being. In this paper, we critically review published research works and the proposed solutions for digital triage. The review is divided into four sections as follows: live triage, post-mortem triage, mobile device triage, and triage tools. We conclude that many challenges are awaiting for the developers in creating methods and tools of digital triage in order to keep pace with the development of new technologies.

show abstract

“…Although open source tools and their effectiveness within computer forensics have been comprehensively tested [4], [5] & [6], the aim of this paper is to determine the effectiveness of open-source carving tools on split dd and EWF images and not the comparison, or effectiveness, of the tools themselves. For this reason, both Scalpel and Foremost have been chosen as they are/were the leading authority on open source carving tools, regardless of the fact that Scalpel is a re-write of Foremost [7], which is no longer supported.…”

Section: Introductionmentioning

confidence: 99%

Using Open Source Forensic Carving Tools on Split DD and EWF Files

Palmieri

Zargari

2017

2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and I

View full text Add to dashboard Cite

Abstract-This study tests a number of open source forensic carving tools to determine their viability when run across split raw forensic images (dd) and Expert Witness Compression Format (EWF) images. This is done by carving files from a raw dd file to determine the baseline before running each tool over the different image types and analysing the results. A framework is then written in python to allow Scalpel to be run across any split dd image, whilst simultaneously concatenating the carved files and sorting by file type. This study tests the framework on a number of scenarios and concludes that this is an effective method of carving files using Scalpel over split dd images.

show abstract

On-scene triage open source forensic tool chests: Are they effective?

Cited by 12 publications

References 5 publications

The COLLECTORS ranking scale for ‘at‐scene’ digital device triage

The COLLECTORS ranking scale for ‘at‐scene’ digital device triage

Methods and Tools of Digital Triage in Forensic Context: Survey and Future Directions

Using Open Source Forensic Carving Tools on Split DD and EWF Files

Contact Info

Product

Resources

About