About FEX Triage™
FEX Triage is a portable computer forensics field-analysis tool. It enables investigators to make real-time decisions about seizure, forensic acquisition, and dealing with suspects.
FEX Triage has been designed for use by investigators with limited computer forensics training (basic mode) , as well as experience forensic examiners for field or lab use (advanced mode).
FEX Triage can be run on a live machine or by utilizing a forensic boot USB.
FEX Triage uses customize-able search profiles that can reduce any complex task to a single click.
Report profiles include:
- Search for and report the presence of child abuse material
- Export selected files to L01 or to Disk
- Registry analysis (e.g. user information and usage information)
- Internet browser and chat history
- Windows Thumbnails
- Locate and extract email messages and attachments
Key Features
Ease of Use
FEX Triage is easy to use and can be effective with minimal training. Advanced mode options also make it a valuable tool for experienced forensic practitioners.
Integrates with Forensic Explorer
A FEX Triage scan creates a Forensic Explorer case file. It preserves user actions in a forensic sound manner and enables forensic staff to immediately further examine triage results in directly in the Forensic Explorer GUI.
Portable
FEX Triage is portable and is designed specifically to run from a USB. It typically can be run in the following scenarios:
A Forensic Boot-Scan
Boot scan refers to starting a target computer using investigators boot media (i.e. the FEX Triage dongle). A boot-scan is a forensically sound process as it is the investigator media that is controlling the target system.
A Live Scan
Live scan refers to running FEX-Triage on a target live Microsoft Windows computer. In many cases this will be the most appropriate action due to concerns about powering down a running system which is crucial to a business, or may invoke encryption.
Can be effectively used to target file collection over a network file share (e.g. collect .docx files by name or content and export to L01 forensic image format).
A Forensic Desktop Scan
Can be run from the desktop of an investigators computer to scan hard drives or forensic image files.
Other Key Features
- FEX Triage is provided with a rugged Wibu Codemeter USB3 CmStick_BMC-1011 with 16 GB storage. It contains the software license but also acts as a USB boot and data collection device.
- Supports collection of data from Windows and MacOS (via USB boot) including iOS backups.
- Detects BitLocker and FileVault2 protected drives.
- View search results whilst the search is in progress.
- Export data directly to disk or to a forensic .L01 file.
- Creates CSV, PDF and RTF reports. View pictures and video key frames.
- Search profiles are highly configurable and can be customized for an organization. Default profiles include:
Basic
Cameras by Make Model
Child Protection – Pictures and Video
Encrypted Files
Filename Search
Filename Search – Individual
Internet – Browsers
Internet – Chat
Internet – Mobile
ITunes Backup
Random Sample – Graphics
Random Sample – Video
Registry – Current
Intermediate
Windows – Thumbnails
Email – Attachments (EDB, Mbox, OST, PST)
Email – Find Messages
Email – Keyword Search (EDB, Mbox, OST, PST)
Export – Extensions (Checkbox)
Export – Windows System (Checkbox)
Filename Search (Exact)
Hash Match (Auto) – Graphics and Video
Keyword Search – MS Office
Operating System Artifacts
Random Sample – Graphics
Windows – Shortcuts (.lnk)
Advanced
Email – Find Messages (Regex)
Export – Custom Global Search
Filename Search (Regex)
Hash Match (Checkbox) – Graphics and Video
Hash Match (Hard-Coded) – Graphics and Video
List Files to CSV – Custom Global Search
