Abstract
Two major challenges in modern-day forensics are urgency and data amounts. Needless to say, modern computers can carry large amounts of data, and sorting through all that data is a very difficult task. Most examinations are also urgent in the sense that you are expected to deliver results quickly. Consider a case where a multimillion company is at a stand-still because of an incident that needs to be resolved by the forensic team before normal operations can resume! To manage with accurate and timely examinations, triage comes into play. As outlined in this chapter, triage is essentially the practice of prioritizing tasks so that the most important tasks are done first. This chapter outlines how triage is used in forensic examination and describes some commonly used triaging techniques.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Gielen M (2014) Prioritizing computer forensics using triage techniques. University of Twente, Enschede
Rogers MK, Goldman J, Mislan R, Wedge T, Debrota S (2006) Computer forensics field triage process model. J Digit Forensic Secur Law 1:2
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Kävrestad, J. (2020). Triage. In: Fundamentals of Digital Forensics. Springer, Cham. https://doi.org/10.1007/978-3-030-38954-3_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-38954-3_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-38953-6
Online ISBN: 978-3-030-38954-3
eBook Packages: Computer ScienceComputer Science (R0)