Digital Triage Forensics: Processing the Digital Crime Scene and over 2 million other books are available for Amazon Kindle . Learn more

Sign in to turn on 1-Click ordering.
More Buying Choices
Have one to sell? Sell yours here
Sorry, this item is not available in
Image not available for
Image not available

Start reading Digital Triage Forensics: Processing the Digital Crime Scene on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Digital Triage Forensics: Processing the Digital Crime Scene [Paperback]

Stephen Pearson , Richard Watson , Michael Harrington

RRP: 38.99
Price: 36.78 & FREE Delivery in the UK. Details
You Save: 2.21 (6%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
In stock.
Dispatched from and sold by Amazon. Gift-wrap available.
Want it tomorrow, 24 April? Choose Express delivery at checkout. Details


Amazon Price New from Used from
Kindle Edition 34.94  
Paperback 36.78 Trade-In Store
Did you know you can use your mobile to trade in your unwanted books for an Gift Card to spend on the things you want? Visit the Books Trade-In Store for more details or check out the Trade-In Amazon Mobile App Guidelines on how to trade in using a smartphone. Learn more.

Book Description

27 Jun 2006
Digital triage forensics (DTF) is a procedural model for the investigation of digital crime scenes including both traditional crime scenes and the more complex battlefield crime scenes. The U.S. Army and other traditional police agencies use this model for current digital forensic applications. The tool, training, and techniques from this practice are being brought to the public in this book for the first time. Now corporations, law enforcement, and consultants can benefit from the unique perspectives of the experts who coined Digital Triage Forensics.

Product details

More About the Author

Discover books, learn about writers, and more.

Product Description


"Syngress [is] by far the best publisher of digital forensics and general security books.I'd certainly recommend this book and after reading through looks great. It's written by the guys who coined the use of the word Triage in this context, so they know what they are talking about, and unlike many real technical books this one really does dig into the investigative techniques that should be used at the crime scene, including quite an interesting analysis of 'Battlefield Crime Scenes', where a triage approach is by far the only way to successfully approach the forensics problem." -Tony Campbell, Publisher, Digital Forensics Magazine

About the Author

Stephen Frank Pearson was born in Aylesbury, England in 1963 and has been involved with Digital Media Exploitation since the early 1990's. Stephen served in the United States Army as a Military Policeman for over 21 years. During this time, Stephen wrote and compiled numerous texts that are still used today to train the Army's Military Police and Investigators. Stephen's last military assignment was Non Commissioned Officer in Charge of the Advanced Technology Criminal Investigations Division at the Military Police School, Ft Leonard Wood, Missouri. After retiring, Stephen accepted a position as chief of detectives at the Pulaski County Sheriffs Office in Missouri. Stephen opened the first Digital Forensic Lab at the Sheriff's Department which was responsible for numerous convictions. Stephen, during this time, also started and ran the High Tech Crime Institute. In 2006 Stephen was contracted by the National Ground Intelligence Center to teach and design a course in Digital Triage Forensics for the new WIT teams deploying to Iraq and Afghanistan. To date, Stephen continues to teach and design new procedures that enable small team units to gather and exploit Digital Media from the Battle Space. Stephen currently lives in Palm Harbor, Florida and is the CEO of the High Tech Crime Institute.

Inside This Book (Learn More)
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index
Search inside this book:

Customer Reviews

There are no customer reviews yet on
5 star
4 star
3 star
2 star
1 star
Most Helpful Customer Reviews on (beta) 4.0 out of 5 stars  5 reviews
9 of 12 people found the following review helpful
2.0 out of 5 stars Maybe 4 stars if you respond to IEDs in SWA, but 2 stars for civilians 27 July 2010
By Richard Bejtlich - Published on
I have to preface this review by saying my criticism of this book should not be taken as criticism of the brave men and women who put their lives on the line fighting for our freedom in Southwest Asia (SWA). I'm reviewing the book "Digital Triage Forensics" (DTF), not the people who wrote it or the people who rely on the concepts therein.

DTF is a misleading, disappointing book. The subtitle is "processing the digital crime scene." The back cover says "the expert's model for investigating cyber crimes," and it claims "now corporations, law enforcement, and consultants can benefit from the unique perspectives of the experts who pioneered DTF." That sounds promising, right? It turns out that DTF is essentially a handbook for Weapon Intelligence Teams (WITs) who deploy to Iraq and Afghanistan to collect battlefield intelligence before and after Improvised Explosive Devices (IEDs) detonate! I cannot fathom why Syngress published this book, when the intended audience probably numbers in the dozens. Unless you need to learn the basics of how to collect cell phones and hard drive images to provide "actionable intelligence" to warfighters, you can avoid reading DTF.

I don't buy the argument that a book written for WIT members is going to apply to the civilian world. The authors make no apology for their claims that civilian operators have it easy, compared to the 5-10 minutes a WIT member has on the ground, perhaps under enemy fire or under the threat of enemy fire. If the authors wrote the book to say "here are lessons to use in your environment, based on what we learned in our environment," I could understand the argument. Instead, DTF says "here is the WIT environment, and here's how to operate within it -- WIT newbie."

If you're wondering how the DTF model compares to the Computer Forensic Field Triage Process Model (CFFTPM), I'll spare you the cost of buying the book: CFFTPM is Planning -> Triage -> Identification -> Collection -> Preservation -> Examination -> Analysis -> Report, whereas DTF is Planning -> Identification -> Collection -> Preservation -> Triage -> Examination -> Analysis -> Report. In DTF Triage is moved to a later phase because WIT members are physically at risk on the battlefield and don't have time for triage. As a book DTF also argues that it's important to extract actionable intelligence from evidence to support military actions within 12-72 hours, so sending everything to a central lab is likely to result in bottlenecks and missed opportunities.

From a quality point of view, DTF unfortunately exhibits some of the qualities found in older Syngress titles. Figure 1 on p x includes memorable phrases like "forebasics prevending lab backlog" [sic] and "expbiatation attempts" [sic]. Oddly enough "cleaned up" versions of figure 1 appear later as figures 2-1 and 2-2, and again as figure 6-1.

There's no reason to read this book unless you are "volunteered" (the authors' term) to Fort Huachuca to join a WIT.
5.0 out of 5 stars Solid forensics and interesting stories...good read 18 Sep 2012
By Carden530 - Published on
This book is by far the most interesting forensics book I have read to date, why? Because in is not just all technical and you get to learn about how our military uses digital forensics in their work defending our nation. The basics of Forensics have not changed too much in years and this book does a great job explaining the basics. If you are just getting into computer forensics, this book will teach you the basics. If you enjoy reading and learning about our military and the outstanding things they are doing for us overseas, you will enjoy this book. A great combination of technical teachings in the area of computer forensics and interesting stories of some of our nations bravest forensic examiners!
5.0 out of 5 stars Great information in any Digital Forensic World 12 Sep 2012
By Frederick Jay Ford - Published on
Format:Kindle Edition
With a constantly changing world in the specialized world of Digital Forensics, one thing is the basics don't change. Criminal elements and terrorists reign strong in this Digital realm. This book gives us an understanding into making an impact via Forensics into this realm. Everyone who reads this book will gain great insight - not just those in the warfighter theater. Stephen Pearson and Richard Watson do an excellent job in making the model for Digital Forensics understandable and useable. A must read for anyone concerned with doing Forensics right!
5.0 out of 5 stars DTF 12 Sep 2012
By Tom Eskridge - Published on
Have read the book and believe it to be very helpful. While set in the battle environment, the book gives excellent direction on how to quickly and efficiently collect and analyze digital media. Perhaps some will need to think outside the box, and not take the military slant to the book so literally.

In today's world, virtually all examinations are Triage at some level. Back in the day when MB where the way you counted storage, full and complete exams were very doable. (At the bit level with a hex editor). We have blown through MB and GB and now on to TB data sizes. Triage is the way of the future, and this book is an example of the path in that direction.
3.0 out of 5 stars Interesting book that will most likely not be helpful to many people 26 Jan 2012
By Dan Killam - Published on
This is an interesting book that will most likely not be helpful to many people. What I mean by this is that Digital Triage Forensics (DTF) is about responding to a battlefield scene and preserving the evidence, while getting valuable intel as quickly as possibly. Performing exams on the battlefield isn't something you're going to do unless you want to get shot by a sniper, mortared, etc., so the standard Computer Forensic Field Triage Process Model (CFFTPM), is not the best choice, which is why DTF has been developed.

Chapter 4 Using the DTF Model to Process Digital Media has some nice information in it for someone looking to for introductory material to the computer forensics field. DTF explains the differences between physical and logical drives with a library analogy, the hardware needed to conduct an exam, and some software available for use to help throughout the exam. The material is delivered in an easy to understand manner, but again, it's basic.

Chapter 5 Using the DTF Model to Collect and Process Cell Phones and SIM Cards was a decent chapter on cell phone collections, but again, no ground breaking research here. There are some tools covered that show they are certainly worthy of being mentioned, such as the HTCI Isolation Chamber. However, there is not much presented here that is not covered in the introduction level books to mobile forensics.

Nitpicking: This section is to just list some small complaints I have with the book. DTF uses many acronyms and if you're not familiar with the terms already, you may get them mixed up or just plain forget their meaning; some examples would include WIT, WTI, CEXC, LRCT, IDIP, DCSA, AOR, TTP, CITP, NGIC, INSCOM, NCOIC. The examples mentioned were from four pages I randomly flipped to. There also were a decent amount of typos or grammar mistakes in this publishing. Some as simple as copying the sentence used one sentence ago and changing a few minor parts of it to compare the differences of two objects, while not removing all the parts from the previous sentence. For example: X is a good tool for reasons a, b, and c. Y is a good is a nice tool for c, d, and e. Do you notice the mistake? I find these types of mistakes annoying and distracting.

As someone working in the corporate environment, I don't see this material being of much use to me personally, other than as a talking point and furthering my knowledge on the environment other examiners face. I could see this book holding value for law enforcement that deals with high risk situations. Another beneficial audience of this book could be soldiers who have interest in entering the field on a Weapon Intelligence Team (WIT) or are going to be training soldiers. This would provide a solid foundation for what is to be expected of the soldier.

Pictures are included in the book, which is a nice break from all the words on a page, but I found myself wondering as to why some pictures were included.

Overall, it was easy reading and nothing technical; I found the book to be interesting, but if you're looking for knowledge you can put to use in a non-battlefield environment, look elsewhere. I give this a 3/5, because if you read this for entertainment or had some interest in the topic, it wasn't going to bore you to sleep (too quickly). However, this information just isn't practical for anyone outside of the battlefield (which includes some law enforcement).

(This review can also be found on my website.)
Were these reviews helpful?   Let us know

Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
First post:
Prompts for sign-in

Search Customer Discussions
Search all Amazon discussions

Look for similar items by category