Strengths: Easy and quick to configure and use
Weaknesses: Collection speed was good, but for a very large suite of machines to be tested, the process could become time-consuming
Verdict: A solid triage tool with a lot of history evident in its maturity
ADF Solutions' Triage-G2 was quick to set up and use. All we had to do was download the software, configure the triage key so it knew what to collect, plug the key into the targeted device, and then analyse the information. The GUI was simple to navigate since the program offered the user only a few options to choose from. The software had preset search options, and if those were not what the user needed, they could easily customise their own configuration. The simple GUI promotes the product's ease of use, making it simple for the novice user to navigate - even with minimal training.
Scanning was even easier than configuring. All we had to do was plug the USB into the device and press the scan button. When scanning Apple computers we did run into some challenges in figuring out the scanning process, but we were able to find a solution and resolve conflicts.
There is a large variety of ways to scan: the user can search for image signatures, hash values, file collections, keywords and much more. If a computer is on, a live scan can be conducted. If the computer is off, the triage key (USB device) with the boot disk can boot the computer and run the scan. When other triage tools conduct live scans, file times and dates are often altered. That is not the case with the Triage-G2, and when the computer is rebooted no changes are made to the hard drive. Right before a live scan, the user is able to name the report and configure last-minute keywords for easy reporting.
When the triage key was plugged into the targeted computer, it scanned reasonably quickly and found everything we configured it to find. However, for a large number of computers, the total scanning time can mount up. This contrasts with the time to image a large number of disks fully with no guarantee that the sought-after data is present. This is the reason that triage tools make a lot of sense for such assignments. Also, the ability to gather important data rather quickly and clandestinely should appeal to undercover investigators, intelligence operatives and the military.
For fast intelligence, users are able to view the results of the scan on the target device before moving on to the next device. When the USB was pulled - before it was done loading - the data was not corrupted. One great feature is the key's size, an important factor when it comes to mobility for an operative or a soldier who is doing field work.
There is also a help function built into the software. The function did not have much more visual assistance than did the initial setup, but it did go into more depth on the more advanced options. The product had great online customer support. When an email was sent pertaining to the software, tech support responded within the hour. A phone call connected us to friendly and knowledgeable staff who were willing to walk us through any problems encountered.
Although not cheap, the key features of Triage-G2 save time and resources in comparison to fully imaging a specific target. For fast intelligence or large-scale investigations, this product is ideal and the expense is well justified. It is a competent product offering a solid user experience.