Triage G2 has been designed to meet military, intelligence and special forces media exploitation requirements. Triage-G2 is primarily used by operators who have training to both run the tool (basic mode) and with additional training, the option to configure the tool (advanced mode). Triage-G2 also offers a stealth mode for live scans, advanced search configurations, and an integrated authentication and collection key for optimized workflow. Triage-G2 is limited to scanning a single computer at one time.
INTELLIGENT MEDIA EXPLOITATION
Triage-G2 now with Rosoka Entity Extraction and Gisting capabilities is ADF's award-winning media exploitation tool deployed by special forces, military and intelligence agencies worldwide. The tool has a proven track record supporting sensitive site exploitation operations (including DOMEX, MEDEX, Tactical Media Exploitation, and bio-metric identity).
Designed for non-technical operators with a simple 2-step process, Triage-G2® will rapidly scan, extract, and analyze critical intelligence from computers and digital devices. The tool can be deployed in the field for reconnaissance on a small, portable USB key.
TRIAGE-G2 KEY FEATURES
Special Operators Depend on Triage-G2Ⓡ for Intelligent Media Exploitation -- it's not just a triage download, it's the pocket-sized fully-automated media exploitation tool used by special forces, military and intelligence agencies worldwide to rapidly scan, extract and analyze critical intelligence from computers and digital devices.
Forward operators can collect intelligence in under 2 minutes with the #1 plug and play DOMEX tool.
Ability to run in stealth mode
Easy-to-use and deploy with minimal training
Portable and lightweight deployment utilizing an unmarked rugged USB key
Simple multi-workstation deployment with a single configuration file
Rapid data collection from computers and digital devices
Highly configurable artifact and file collection including web browser cached files, social media, P2P, Cryptocurrency, cloud storage, user login events, anti-forensic traces, saved credentials, files shared via Skype, USB history, user connection log, etc.
Prepare a Collection Key without Search Profiles to select Captures just before scan
Prepare a Collection Key with pre-configured or custom Search Profiles
Supports collection of artifacts from Windows and MacOS
Search and collect emails including MS Outlook, Windows Mail, Windows Live Mail 10, Apple Mail
Investigate attached devices, live powered on computers, boot scans from powered off computers, forensic images, the contents of folders and network shares (including shares made available by NAS devices)
Rapidly search suspect media using large hash sets (>100 million)
Find relevant files and artifacts using powerful keyword and regular expression search capability
Image drives Out-of-the-box with image verification and imaging log file
Recover images from unallocated drive space
Recover deleted records from apps using the SQLite database
Use password and recovery key to decrypt and scan or image BitLocker volumes including those using the new AES-XTS encryption algorithm introduced in Windows 10
Process APFS partitions, NTFS, FAT, HFS+, EXT, ExFAT, and YAFFS2 file systems, compute MD5 and SHA1 on collected files for integrity validation
Capture RAM and volatile memory
Collect password protected and corrupted files for later review
Collect iOS backups on target computers
Detect and warn of BitLocker and FileVault2 protected drives
Leverage powerful boot capability (including UEFI secure boot and Macs) to access internal storage that cannot easily be removed from computers
Use the single timeline view that combines files and artifact records with a user’s actions.
View results while a scan is running
View chat conversations with bubbles to easily identify the senders and receivers with “Message Thread” hyperlink to select individual conversations - New
Filter search results with sorting and search capabilities (dates, hash values, tags, text filters, more)
View pictures and videos organized by visual classes such as people, faces, currency, weapons, vehicles
View links between files of interest and user’s activities such as recently access files, downloaded files, attachments, and more
Inspect video using comprehensive video preview and frame extraction
Automatically tag hash and keyword matches
Define new file types and select individual ones to be processed
Display provenance, including comprehensive metadata, of all relevant files and artifacts
Reorder or disable post-scan tasks (classification of pictures, videos, or entity extraction) to run in the Viewer - New
Triage-G2Ⓡ lets you create a standalone portable viewer for further analysis and reporting for military prosecutors and other investigators.
Powerful reporting capabilities (HTML, PDF, CSV)
Export in JSON format