Forums
Main Category
General (Technical,...
Computer Forensic T...
 
Notifications
Clear all

Computer Forensic Triage & Backlogs

 
Page 1 / 2
General (Technical, Procedural, Software, Hardware etc.)
Last Post by traknerud 14 years ago
14 Posts
5 Users
0 Reactions
832 Views
RSS
 Sumit
(@sumit)
Eminent Member
Joined: 15 years ago
Posts: 25
Topic starter 12/04/2011 7:45 pm  

Hi All,

I am looking for some articles related to computer forensic triage and its backlogs. I have found only 2 one from Harry Parsonage about ADF and one article written by University of Purdue CFFTPM(Cyber Forensic Field Triage Process Model).

But still i dont think its enough for a dissertation .. Any idea from where i can look for more forensic triage and its backlogs articles.

Help would be very much appreciated. Please do the needful

Kind Regards
Sumit


   
Quote
 Anonymous
(@Anonymous)
Guest
Joined: 1 second ago
Posts: 0
12/04/2011 8:10 pm  

To be really helpful, use Google Scholar search engine. It was my basic source of articles when I wrote my dissertation thesis.


   
ReplyQuote
 Anonymous
(@Anonymous)
Guest
Joined: 1 second ago
Posts: 0
13/04/2011 1:34 pm  

Sumit,

I don't know a great deal about triage either, but I did find a couple of things that might help.

Synergy have actually published a book on the subject
http//www.syngress.com/digital-forensics/Digital-Triage-Forensics/
Never read it so I've no idea if it's any good.

If you are on LinkedIn there appears to be a group called 'Forensic Triage'. Might be worth joining and contacting some of the members.

Regards,
Chris


   
ReplyQuote
harryparsonage
 harryparsonage
(@harryparsonage)
Estimable Member
Joined: 20 years ago
Posts: 184
14/04/2011 1:44 am  

Sumit

It is a problem that everyone doing that topic finds. There is no research or much written about it, certainly not much published anyway. There are a number of other students that have done the same topic if you could find one somewhere they might help.

I don't know what search terms you have used but this is one that I know is out there http//personal.cis.strath.ac.uk/~gw/IAS/june/talks/mdickson.pdf on the internet. It is just a presentation rather than a paper.

H


   
ReplyQuote
 Sumit
(@sumit)
Eminent Member
Joined: 15 years ago
Posts: 25
Topic starter 10/05/2011 1:19 pm  

Thanks Chris & Harry….

Harry, thanks for sending me the presentation based on computer triage.

all i have read is CCFTPM, Harry Parsonage, USSOCOM, Parameters for selecting triage.

i am looking for articles which talks about backlogs of triage .

as a student i cannot afford to buy softwares to see what are the backlogs in the software ..etc

Also, do we use encase or ftk during triage process?


   
ReplyQuote
 kovar
(@kovar)
Prominent Member
Joined: 18 years ago
Posts: 805
10/05/2011 8:01 pm  

Greetings,

The discussions I've seen about the backlog appear in the public press occasionally, on various law enforcement lists and forums, and via social media. I've not seen a formal paper on the topic, perhaps because it is often a fairly temporary situation?

Triage is, to me, a completely different topic. You can use triage for a number of reasons, only one of which is to try to manage backlogs.

As for the tool to use - "that depends". In very simple terms, coming from my perspective, I'd say that both FTK and EnCase are overkill for conducting triage for computer forensics as both require a fair bit of case setup time and processing power to use.

A triage tool should be light, accurate, and quick. And you'll want to wrap whatever tools you use in a good process, and no one is going to sell you a process. (Well, people will, but you should develop your own.)

-David


   
ReplyQuote
 Sumit
(@sumit)
Eminent Member
Joined: 15 years ago
Posts: 25
Topic starter 10/05/2011 8:08 pm  

Hi David

could you please tell what are the backlogs in triage? if you have any idea? help would be appreciated .

Regards
Sumit


   
ReplyQuote
 kovar
(@kovar)
Prominent Member
Joined: 18 years ago
Posts: 805
10/05/2011 8:32 pm  

Greetings,

When you say "backlog", I think "law enforcement is faced with an increasing volume of cases, and of data in each case, that requires computer forensics attention. This, combined with budget and training problems, leads to an ever growing backlog of computer forensics cases in the LE world."

Are you asking about the same sort of backlog?

Unfortunately, "backlogs in triage" doesn't mean much to me. Triage is one of many tools to address backlogs, in computer forensics, medicine, and even your personal life.

-David


   
ReplyQuote
 Sumit
(@sumit)
Eminent Member
Joined: 15 years ago
Posts: 25
Topic starter 10/05/2011 9:01 pm  

Hi David,

I am writing a dissertation on Foresnic Triage & its Backlogs.

All i have read is articles written by Hary Parsonage, CFFTPM, and Forensic Triage archived discussions.

In all these papers, it seems forensic triage is a pre forensic process but not full replacement of forensics which i agee

But there is no information about tools used during computer forensic triage and what are the names of the tools which are not good for triage process and why they are not good..

Im struggling so much on it….

I might sounded stupid, but im student and i dont have hands on experience on these stuff.. so my last option is beg,borrow or steal..

Please advise

Regards
Sumit


   
ReplyQuote
 kovar
(@kovar)
Prominent Member
Joined: 18 years ago
Posts: 805
10/05/2011 9:07 pm  

Greetings,

Have you used Google to search for "forensic triage tool"? I just did so and quickly found a couple of tools that claim to be useful for forensics triage. You could read their marketing blurbs to learn more about them, and what problem they're trying to solve.

It also pulled up a blog post I wrote awhile back on the subject

http//integriography.wordpress.com/2009/11/24/acpo-triage-tools-and-the-le-computer-forensics-backlog/

So, I gently take issue with your claim that there is no information about these tools.

-David


   
ReplyQuote
Page 1 / 2
Forum Jump:
  Previous Topic
Next Topic  
Share: