Digital Triage Forensics: Processing the Digital Crime Scene and over 2 million other books are available for Amazon Kindle . Learn more
FREE Delivery in the UK.
In stock.
Dispatched from and sold by Amazon.
Gift-wrap available.
Digital Triage Forensics:... has been added to your Basket
+ £2.80 UK delivery
Used: Very Good | Details
Sold by Nearfine
Condition: Used: Very Good
Comment: Gently used. Expect delivery in 20 days.
Trade in your item
Get a £9.65
Gift Card.
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Digital Triage Forensics: Processing the Digital Crime Scene Paperback – 28 Jun 2010

See all 2 formats and editions Hide other formats and editions
Amazon Price New from Used from
Kindle Edition
"Please retry"
"Please retry"
£23.39 £14.87
£38.99 FREE Delivery in the UK. In stock. Dispatched from and sold by Amazon. Gift-wrap available.

Trade In this Item for up to £9.65
Trade in Digital Triage Forensics: Processing the Digital Crime Scene for an Amazon Gift Card of up to £9.65, which you can then spend on millions of items across the site. Trade-in values may vary (terms apply). Learn more

Product details

More About the Author

Discover books, learn about writers, and more.

Product Description


"Syngress [is] by far the best publisher of digital forensics and general security books.I'd certainly recommend this book and after reading through looks great. It's written by the guys who coined the use of the word Triage in this context, so they know what they are talking about, and unlike many real technical books this one really does dig into the investigative techniques that should be used at the crime scene, including quite an interesting analysis of 'Battlefield Crime Scenes', where a triage approach is by far the only way to successfully approach the forensics problem." -Tony Campbell, Publisher, Digital Forensics Magazine

About the Author

Stephen Frank Pearson was born in Aylesbury, England in 1963 and has been involved with Digital Media Exploitation since the early 1990's. Stephen served in the United States Army as a Military Policeman for over 21 years. During this time, Stephen wrote and compiled numerous texts that are still used today to train the Army's Military Police and Investigators. Stephen's last military assignment was Non Commissioned Officer in Charge of the Advanced Technology Criminal Investigations Division at the Military Police School, Ft Leonard Wood, Missouri. After retiring, Stephen accepted a position as chief of detectives at the Pulaski County Sheriffs Office in Missouri. Stephen opened the first Digital Forensic Lab at the Sheriff's Department which was responsible for numerous convictions. Stephen, during this time, also started and ran the High Tech Crime Institute. In 2006 Stephen was contracted by the National Ground Intelligence Center to teach and design a course in Digital Triage Forensics for the new WIT teams deploying to Iraq and Afghanistan. To date, Stephen continues to teach and design new procedures that enable small team units to gather and exploit Digital Media from the Battle Space. Stephen currently lives in Palm Harbor, Florida and is the CEO of the High Tech Crime Institute.

Inside This Book (Learn More)
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index
Search inside this book:

Customer Reviews

There are no customer reviews yet on
5 star
4 star
3 star
2 star
1 star

Most Helpful Customer Reviews on (beta) 5 reviews
10 of 13 people found the following review helpful
Maybe 4 stars if you respond to IEDs in SWA, but 2 stars for civilians 27 July 2010
By Richard Bejtlich - Published on
Format: Paperback
I have to preface this review by saying my criticism of this book should not be taken as criticism of the brave men and women who put their lives on the line fighting for our freedom in Southwest Asia (SWA). I'm reviewing the book "Digital Triage Forensics" (DTF), not the people who wrote it or the people who rely on the concepts therein.

DTF is a misleading, disappointing book. The subtitle is "processing the digital crime scene." The back cover says "the expert's model for investigating cyber crimes," and it claims "now corporations, law enforcement, and consultants can benefit from the unique perspectives of the experts who pioneered DTF." That sounds promising, right? It turns out that DTF is essentially a handbook for Weapon Intelligence Teams (WITs) who deploy to Iraq and Afghanistan to collect battlefield intelligence before and after Improvised Explosive Devices (IEDs) detonate! I cannot fathom why Syngress published this book, when the intended audience probably numbers in the dozens. Unless you need to learn the basics of how to collect cell phones and hard drive images to provide "actionable intelligence" to warfighters, you can avoid reading DTF.

I don't buy the argument that a book written for WIT members is going to apply to the civilian world. The authors make no apology for their claims that civilian operators have it easy, compared to the 5-10 minutes a WIT member has on the ground, perhaps under enemy fire or under the threat of enemy fire. If the authors wrote the book to say "here are lessons to use in your environment, based on what we learned in our environment," I could understand the argument. Instead, DTF says "here is the WIT environment, and here's how to operate within it -- WIT newbie."

If you're wondering how the DTF model compares to the Computer Forensic Field Triage Process Model (CFFTPM), I'll spare you the cost of buying the book: CFFTPM is Planning -> Triage -> Identification -> Collection -> Preservation -> Examination -> Analysis -> Report, whereas DTF is Planning -> Identification -> Collection -> Preservation -> Triage -> Examination -> Analysis -> Report. In DTF Triage is moved to a later phase because WIT members are physically at risk on the battlefield and don't have time for triage. As a book DTF also argues that it's important to extract actionable intelligence from evidence to support military actions within 12-72 hours, so sending everything to a central lab is likely to result in bottlenecks and missed opportunities.

From a quality point of view, DTF unfortunately exhibits some of the qualities found in older Syngress titles. Figure 1 on p x includes memorable phrases like "forebasics prevending lab backlog" [sic] and "expbiatation attempts" [sic]. Oddly enough "cleaned up" versions of figure 1 appear later as figures 2-1 and 2-2, and again as figure 6-1.

There's no reason to read this book unless you are "volunteered" (the authors' term) to Fort Huachuca to join a WIT.
Interesting book that will most likely not be helpful to many people 26 Jan. 2012
By Dan Killam - Published on
Format: Paperback
This is an interesting book that will most likely not be helpful to many people. What I mean by this is that Digital Triage Forensics (DTF) is about responding to a battlefield scene and preserving the evidence, while getting valuable intel as quickly as possibly. Performing exams on the battlefield isn't something you're going to do unless you want to get shot by a sniper, mortared, etc., so the standard Computer Forensic Field Triage Process Model (CFFTPM), is not the best choice, which is why DTF has been developed.

Chapter 4 Using the DTF Model to Process Digital Media has some nice information in it for someone looking to for introductory material to the computer forensics field. DTF explains the differences between physical and logical drives with a library analogy, the hardware needed to conduct an exam, and some software available for use to help throughout the exam. The material is delivered in an easy to understand manner, but again, it's basic.

Chapter 5 Using the DTF Model to Collect and Process Cell Phones and SIM Cards was a decent chapter on cell phone collections, but again, no ground breaking research here. There are some tools covered that show they are certainly worthy of being mentioned, such as the HTCI Isolation Chamber. However, there is not much presented here that is not covered in the introduction level books to mobile forensics.

Nitpicking: This section is to just list some small complaints I have with the book. DTF uses many acronyms and if you're not familiar with the terms already, you may get them mixed up or just plain forget their meaning; some examples would include WIT, WTI, CEXC, LRCT, IDIP, DCSA, AOR, TTP, CITP, NGIC, INSCOM, NCOIC. The examples mentioned were from four pages I randomly flipped to. There also were a decent amount of typos or grammar mistakes in this publishing. Some as simple as copying the sentence used one sentence ago and changing a few minor parts of it to compare the differences of two objects, while not removing all the parts from the previous sentence. For example: X is a good tool for reasons a, b, and c. Y is a good is a nice tool for c, d, and e. Do you notice the mistake? I find these types of mistakes annoying and distracting.

As someone working in the corporate environment, I don't see this material being of much use to me personally, other than as a talking point and furthering my knowledge on the environment other examiners face. I could see this book holding value for law enforcement that deals with high risk situations. Another beneficial audience of this book could be soldiers who have interest in entering the field on a Weapon Intelligence Team (WIT) or are going to be training soldiers. This would provide a solid foundation for what is to be expected of the soldier.

Pictures are included in the book, which is a nice break from all the words on a page, but I found myself wondering as to why some pictures were included.

Overall, it was easy reading and nothing technical; I found the book to be interesting, but if you're looking for knowledge you can put to use in a non-battlefield environment, look elsewhere. I give this a 3/5, because if you read this for entertainment or had some interest in the topic, it wasn't going to bore you to sleep (too quickly). However, this information just isn't practical for anyone outside of the battlefield (which includes some law enforcement).

(This review can also be found on my website.)
Solid forensics and interesting stories...good read 18 Sept. 2012
By Carden530 - Published on
Format: Paperback
This book is by far the most interesting forensics book I have read to date, why? Because in is not just all technical and you get to learn about how our military uses digital forensics in their work defending our nation. The basics of Forensics have not changed too much in years and this book does a great job explaining the basics. If you are just getting into computer forensics, this book will teach you the basics. If you enjoy reading and learning about our military and the outstanding things they are doing for us overseas, you will enjoy this book. A great combination of technical teachings in the area of computer forensics and interesting stories of some of our nations bravest forensic examiners!
DTF 12 Sept. 2012
By Tom Eskridge - Published on
Format: Paperback
Have read the book and believe it to be very helpful. While set in the battle environment, the book gives excellent direction on how to quickly and efficiently collect and analyze digital media. Perhaps some will need to think outside the box, and not take the military slant to the book so literally.

In today's world, virtually all examinations are Triage at some level. Back in the day when MB where the way you counted storage, full and complete exams were very doable. (At the bit level with a hex editor). We have blown through MB and GB and now on to TB data sizes. Triage is the way of the future, and this book is an example of the path in that direction.
Great information in any Digital Forensic World 12 Sept. 2012
By Frederick Jay Ford - Published on
Format: Kindle Edition
With a constantly changing world in the specialized world of Digital Forensics, one thing is the basics don't change. Criminal elements and terrorists reign strong in this Digital realm. This book gives us an understanding into making an impact via Forensics into this realm. Everyone who reads this book will gain great insight - not just those in the warfighter theater. Stephen Pearson and Richard Watson do an excellent job in making the model for Digital Forensics understandable and useable. A must read for anyone concerned with doing Forensics right!
Were these reviews helpful? Let us know