Desktop Triage
The most advanced computer forensics field kit: secure evidence at the first crime scene.

  • Supports running Windows systems and collects key evidence while they operate
  • Blanket search of the disks to identify suspicious items, completely and exhaustively
  • Automatically scrolls and captures screens, preserving first-hand evidence on site

At the first crime scene, preserving evidence with little or no taint has always been the challenge. Our Desktop Triage is here to solve this problem. It captures both non-volatile and volatile data on a running Windows system, preserving critical evidence such as login accounts and opened files. If the suspect has just deleted files, Desktop Triage can also attempt to retrieve the important data. The screen capture feature further strengthens the ability to preserve first-hand information. Other features, such as OCR and PSR, take a step further towards the competency of the evidence.

Description
  • Supports English and Mandarin operation interfaces.
  • Supports collection of volatile evidence (data stored temporarily on the computer that would be lost if the device shuts down):
    1. Process
    2. Network Resources
    3. Network
    4. Opened Files
    5. ARP Cache
  • Supports collection of non-volatile evidence:
    1. Service
    2. Service Detail
    3. Start Run
    4. Wireless
    5. Installed Software
    6. System Info
    7. USB Devices
    8. Shortcuts
    9. User Profiles
    10. MUI Cache
    11. Prefetch
    12. Security log
    13. Application log
    14. System log
    15. Task Schedule
    16. User Assist
    17. ShellBags
    18. Recent File
  • Browser support:
    1. Firefox: Account logins, browsing history, bookmarks, quick access and cookies
    2. Chrome: Login passwords, keyword search history, download and browsing history, bookmarks, quick access and cookies
    3. Edge: Logins, browsing history, bookmarks, quick access and cookies
    4. IE: Quick access and browsing history
  • Can create logical image files of key paths on the hard disk, which can be packaged and taken away.
  • Supports timeline analysis with graphical presentation. Drag on the graph to select a specific time frame.
  • Supports exporting evidence reports as CSV files.
  • Supports data analysis of both physical and local disks.
  • Collected evidence can be further analyzed by searching on keywords, file size, time, etc.
  • Able to retrieve recently deleted files and copy or export them.
  • Able to start PSR to record operating activities.
  • Supports single, web and other screenshots, enabling users to capture the computer screen and conduct further OCR analysis.
  • Able to operate without installation.