Digital Triage Forensics

Processing the Digital Crime Scene


  • Stephen Pearson
  • Richard Watson

Digital Triage Forensics: Processing the Digital Crime Scene provides the tools, training, and techniques in Digital Triage Forensics (DTF), which are employed in the investigation of digital crime scenes, including traditional and more-complex battlefield crime scenes. The text covers the collection of digital media and data from cellular devices and SIM cards. It also presents outlines of pre- and post- blast investigations. The book is divided into six chapters that present an overview of the age of warfare, key concepts of digital triage and battlefield forensics, and methods of conducting pre/post-blast investigations. The use of digital triage forensics models in collecting and processing digital media and data from cell phones and SIM cards and the changing role of the digital forensic investigator are also discussed. The first chapter discusses how improvised explosive devices (IEDs) have changed from basic booby traps to the primary attack method of the insurgents in Iraq and Afghanistan. It also covers the emergence of a sustainable vehicle for prosecuting enemy combatants under the Rule of Law in Iraq as U.S. airmen, marines, sailors, and soldiers perform roles outside their normal military duties and responsibilities. The remaining chapters detail the benefits of DTF model, the roles and responsibilities of the weapons intelligence team (WIT), and the challenges and issues of collecting digital media in battlefield situations. Moreover, data collection and processing as well as debates on the changing role of digital forensics investigators are discussed in this book as well. The book will be helpful to forensic scientists, investigators, and military personnel, as well as to students and beginners in forensics.
View full description


Book information

  • Published: June 2010
  • Imprint: SYNGRESS
  • ISBN: 978-1-59749-596-7


"Syngress [is] by far the best publisher of digital forensics and general security books…I’d certainly recommend this book and after reading through it…it looks great. It’s written by the guys who coined the use of the word Triage in this context, so they know what they are talking about, and unlike many real technical books this one really does dig into the investigative techniques that should be used at the crime scene, including quite an interesting analysis of ‘Battlefield Crime Scenes’, where a triage approach is by far the only way to successfully approach the forensics problem." -Tony Campbell, Publisher, Digital Forensics Magazine

Table of Contents



About the Authors

Chapter 1 New Age of Warfare: How Digital Forensics is Reshaping Today's Military

    Yesterday’s “Booby Trap” Is Today’s IED

    The Invention of WIT

    “CSI” Baghdad: Today’s Intelligence Is Tomorrows Evidence

    Actionable Intelligence and Its Effect on the Battlefield

    Soldiers to “Battlefield Cops”



Chapter 2 Digital Triage Forensics and Battlefield Forensics


    DTF and Battlefield Forensics

    How does Evidence go from the Battlefield to the Lab?

    Five Levels of Exploitation of WTI Materials



Chapter 3 Conducting Pre/Postblast Investigations


    WITs Role Within the EOD Team

    Premission Preparations

    Scene Safety

    On Scene IED Analysis

    Photograph! Photograph! Photograph!

    Preblast Investigative Steps

    Postblast Investigative Steps

    Detainee Operations as it Pertains to WIT


Chapter 4 Using the DTF Model to Process Digital Media

    The changing location of Digital Evidence containers

    What hardware do I need to conduct a Cradle-to-Grave Battlefield investigation?

    Characteristics of Digital Media

    Stephen’s Quick and Dirty Guide to Understanding Digital Forensics

    Brief Overview of Digital Storage Concepts

    Processing Digital Media using the Digital Triage Forensic Model


Chapter 5 Using the DTF Model to Collect and Process Cell Phones and SIM Cards

    Cellular Devices Are Replacing the Laptop

    Proprietary Cell Phone Tools versus Nonproprietary Cell Phone Tools

    Freeware and Shareware as Cell Phone Forensic/Analysis Tools

    Using Cross Validation with your Tools

    Triage Processing of Cellular Devices

    Using the MFC to identify the Cellular Device

    Collection Concerns with Cellular Devices

    Don’t Push That Button

    Isolating the Cellular Device

    Using the HTCI Isolation Chamber

    Processing the Cell Phone


Chapter 6 The Changing Role of a Digital Forensic Investigator

    The Solution