SmartPhone Triage is ideal for Mobile Device Forensic Examiners, Legal Practices, Human Research Policy Enforcers, and Network Cyber Security Teams

Whether your firm has adopted a “Bring Your Own Device” (BYOD) or “No mobile phones allowed” policy, this tool can assist you to instantly extract and store evidence, in case of any violations.

It’s key functions are:

Evidence Collection UI & Features

You can perform automatic captures of continuous screenshots or choose to do manual screenshots. Alternatively, files can be imported in and get stored as evidence.

OCR and Keyword Search Functions

The image-file text recognition function identifies image files’s text content and stores it in a database where  it can easily be searched.

Report Generation Function

You can simply select the entire Case, or any screenshots within, to produce a report in ‘docx’ format. In addition, the report’s Hash value can be permanently stored on blockchain, boosting the credibility of the collected evidence and the report.

Case Management UI & Features

You can easily add new incident Cases. As well as, create various Case details including case names, abstracts and serial numbers. Cross-case keyword search is also supported.

Other Functions

Through the optional PC or iPhone screenshot module and using the analysis platform, screenshots can be imported into an existing Case. Once imported, the OCR mechanism is used for text analysis, and the result is incorporated into the Case database.

Desktop Triage features a User-friendly interface that helps collect digital evidence for multiple cases in the first tun. This includes all essential functions of traditional digital forensics such as screen recordings, artifact collections, live search and process documenting.

Key Features

1. Enhanced Windows PSR and Screen Recorder to document the whole forensic process, avoiding any ambiguity and serving as a key element of Chain of Custody.

2. Automatic scroll to capture screens of social media apps and web browsers, ensuring the collection of evidence which can only be seen in the field to guarantee most complete investigation.

3. Acquire critical files and packs them into a zip as a mini-image representation to the target disk, which contains most of the artifacts and compress the time cost of collection to a very short period, saving time from the full imaging process.

4. On-site collection of over 35+ key Windows artifacts in just a few minutes, including security, applications and other related event logs. For registry category, all the essential ones. (Prefetch, Shellbags, RecentFile, UserAssist, etc.)

5. LiveSearch function collects all the file information from both physical and logical disk, targeting the existence of suspicious and critical files by identifying the related files. Investigators could copy and export the data, keeping the key evidence.

6. Its report targets the promise of evidence admissibility and customization by selecting the contents desired. Investigators can generate reports according to the requirements of cases. There’s also the option to preserve evidence on blockchain with hash values.