Abstract

Digital triage is the first investigative step of the forensic examination. It comes in two forms: live triage and post-mortem triage. The primary goal of live triage is the rapid extraction of intelligence from potential sources. Live triage raises legitimate concerns. Post-mortem triage is conducted in the laboratory, and its main goal is to rank the seized devices by the possible existence of relevant evidence. Digital triage has the potential to quickly identify items that are likely to contain evidential data. Therefore, it is a solution to the problem of case backlogs. However, existing methods and tools of digital triage have limitations, especially in the forensic context. Nevertheless, we have no better solution for the time being. In this paper, we critically review published research works and the proposed solutions for digital triage. The review is divided into four sections as follows: live triage, post-mortem triage, mobile device triage, and triage tools. We conclude that many challenges await developers in creating methods and tools of digital triage that keep pace with the development of new technologies.

Highlights

  • The volume of data for forensic investigation keeps growing

  • The digital forensic process is very time-consuming because it requires the examination of all available data volumes collected from the cybercrime scene

  • The information obtained in such a way cannot be directly used in court; quick access to such knowledge can speed up the future process of digital forensics and, in some situations, can even save somebody’s life

Summary

Introduction

The volume of data for forensic investigation keeps growing. This is a result of continuing technological development, in which the scale and bounds of the Internet change rapidly and social networks come into everyday use. A process that takes place prior to the standard forensic methodology is called digital triage. It can provide valuable intelligence without subjecting digital evidence to a full examination. Digital triage is a technical process that provides information for the forensic examination, but it does not involve the evaluation of digital evidence. The term “forensic” cannot be used together with the term “digital triage” if the process of digital triage does not adhere to the rules of the forensic process specific to the country. Pollitt [16] argues that the process of digital triage in the context of forensics is an admission of failure. He recognizes that a better approach does not exist. We review the models and methods of live triage.

Models and Methods of Live Triage
A DFT assessment does not replace the forensic analysis
Methods of Post-Mortem Triage
Triage of Mobile Devices
Triage Tools
Lessons Learned from the Review
Findings
Conclusions and Future Directions