Computer Forensics Field Kit

Solutions

Desktop Triage

Computer Forensics Field Kit
Desktop Triage
1.

Secure evidence at first crime scene

Support Windows system during its operation, collect key evidence
2.

Traces Analysis &
Data Retrieval

Blanket search of the disks to identify suspicious items, completely and exhaustively
3.

Most advanced Computer Forensics Tool Kit

Automatic scroll and capture screens, preserve first-hand evidence on site
DeskTop Triage

Overview

  • Website
    •

    At first crime scene, preserving evidence with less or no tainted has always been the challenge. To solve this problem, our Desktop Triage is here to help. It captures both non-volatile and volatile data on operating Windows, keeping critical evidence such as login account and opened files. If the suspect has had just deleted the files, Desktop Triage could also attempt to retrieve the important data. The feature of screencapture further enforces the capability of preserving first-hand information. And via OCR, PSR and all features to complete evidence collection report could be generated to ensure evidence competence.

    Features

  • Flyer
    •
    • Support English and Mandarin operation interface.
    • Support collection of volatile evidence (stored temporarily on the computer and would be lost if the device shuts down):
        i. Process
        ii. Network Resources
        iii. Network
        iv. Opened Files
        v. ARP Cache
    • Support collection of non-volatile evidence:
        i. Service
        ii. Service Detail
        iii. Start Run
        iv. Wireless
        v. Installed Software
        vi. System Info
        vii. USB Devices
        viii. Shortcuts
        ix. User Profiles
        x. MUI Cache
        xi. Prefetch
        xii. Security log
        xiii. Application log
        xiv. System log
        xv. Task Schedule
        xvi. User Assist
        xvii. IE Cache
        xviii. IE History
        xix. ShellBags
        xx. Recent File
        xxi. Firefox login account and password
        xxii. Firefox History
        xxiii. Chrome login account and password
        xxiv. Chrome keyword search history
        xxv. Chrome download history
        xxvi. Chrome History
        xxvii. JumpList
        xxviii. Windows activity
        xxix. Network Usage
    • Support TimeLine analysis with graphical presentation. Drag on the graph to select specific time frame.
    • Support exporting evidence reports as CSV files.
    • Support data analysis of both physical and logical disks.
    • Collected evidence can be further analyzed by searching keysords, filesize, time, etc.
    • Able to retrieve recently deleted files and copy export.
    • Able to start PSR to record operating activities.
    • Support single, web and other screenshots, enabling users to capture computer screen and to conduct further OCR analysis.
    • Able to operate without installation.