Abstract
Considering that a triage related task may essentially make-or-break a digital investigation and the fact that a number of triage tools are freely available online but there is currently no mature framework for practically testing and evaluating them, in this paper we put three open source triage tools to the test. In an attempt to identify common issues, strengths and limitations we evaluate them both in terms of efficiency and compliance to published forensic principles. Our results show that due to the increased complexity and wide variety of system configurations, the triage tools should be made more adaptable, either dynamically or manually (depending on the case and context) instead of maintaining a monolithic functionality.
Original language | English |
---|---|
Pages (from-to) | 99-115 |
Number of pages | 17 |
Journal | Digital Investigation |
Volume | 10 |
Issue number | 2 |
DOIs | |
Publication status | Published - 1 Sept 2013 |
Keywords
- ACPO principles
- Incident response
- Kludge
- Open source
- TR3Secure
- Triage
- TriageIR