Hello, first of all I'm not posting for an idea I have one just incase you guys are getting ready to attack me P . I posted a while ago with regards to forensics triage, an area in our field that particularly interests me and in some sense causes a little bit of controversy out there. I dont know whether to go into too much details as im not sure you guys are interested in that at the minute however I was after some opinions on the general area. I really think I can deliver some good research in this area and I was wondering what your thoughts on triage are. Would anyone potentially like to voice some opinions on what directions and problems they feel exist currently and what they would like to see? Or would anyone like to collaborate and share some ideas and what not and possibly get involved in the project?
I can provide more of what I was thinking about if anyone is interested.
Alternativly you might think im doing the wrong topic and would possibly like to tell me why??
Cheers guys
You can see a need for triage. As data storage capacities increase and time allowances decrease it is a sensible approach. Particularly if you are faced with a number of exhibits, it can answer the where do I start ? question very well.
The problem I see, and I say this as someone who performs very few triage style examinations, Is you are in the realms of dealing with the 'low hanging fruit'. Information that is obfuscated either intentionally or not is liable to be missed.
Some cases, such as IIOC, lend themselves to Triage more than others. Okay there are images on these computers now lets do more work see why they are there. Im just not sure how well Triage lends itself to some other types of investigation, i'd be interested to hear people share experiences of using Triaging methods.
yer you have made some very good points there. I will be looking into all things like this. With regards to the additional types of crime and its suitability to triage, this is something I have raised a few points on and could be a possible good area to look further into. I can see how searching for images can work well but picture-less relatded crimes may be different.
All opinions welcome! )
Hi Tootypegs,
I worked in a job/jurisdiction in the past where we had to show that there was something relevant to the case on the computer before we were allowed to seize or even image the computer. This meant time spent on-site with Linux boot discs or EnCase on our laptops running keyword searches for relevant company names etc. We then had to show the results to the invesigator on-site. As soon as one document or whatever came back with a relevant hit we were good to go but we still had to perform this triage every single time we executed a warrant and on every PC/HDD in the premises.
So I think you can say that there is a role for Triage in not just picture-related cases but also other kinds of cases. HTH! )
I Thanks for your reply Kiashi, i was hoping and have got a few ideas for a novel and quick solution to triage items for evidence no matter what the suspected offense.