Authors – Book Reviewers – Product Reviewers – Bloggers – Evangelists

Digital Forensics Magazine is always on the look out for new talent and content and as the number one magazine for all matters Digital Forensics we are looking to expand our list of contributors. If you feel that you have something to contribute to the magazine in one of the following categories, contact us via and join the ever-growing team of international contributors who are leading the discussions.

If you have an idea for an article, which you would like to discuss, or if you want to become a regular contributor, we want to hear from you. The field of Digital Forensics is vast and with the ever-increasing use of technology in so many aspects of daily life, not previously envisaged, the need for the Digital Forensic investigator to go beyond the hard disk and the mobile phone requires new tools and techniques. If you are involved in Digital Forensics or related research, developing new tools to solve a particular problem (especially new technology), a learning experience from a case study or just want to share your ideas and thoughts we would like to hear from you. It does not matter if you have not written before; we will work with you to craft your idea into a publishable article using our team of experienced authors and editors. If this is you then email us at or submit your article idea via the website

/Book Reviewers
As we see the increasing and innovative use of technology, the need to secure and investigate said technology is increasing. As a result we see an increasing number of books being published that require review and comment. Working with the leading publishers Digital Forensics Magazine obtains these books to allow us to review and comment on. These reviews are then covered in the magazine and carried on the DFM Blog. Once selected you will be sent a list of books available for review, you then choose a title that you like and we will send you the book. You read the book and then fill out a review form to be sent back to DFM. If you would like to become a book reviewer for Digital Forensics Magazine contact us at with a CV to demonstrate that you have the required knowledge and experience to be a book reviewer.

/Product Reviewers
Digital Forensics Magazine regularly carries articles on various supporting investigative technologies and we have a number of companies that have asked us if we would consider reviewing their products. This is not a rubber stamping exercise, this is an in-depth review looking at aspects such as ease of installation, ease of use, information gained, usefulness of the product, supporting documentation etc. etc. To become a product reviewer you will need to be a suitably qualified Digital Forensics Investigator who has knowledge of the disciplines in which the technology operates. If you would like to be a product reviewer contact us at with a CV and a statement of why you believe you have the credentials to become a product reviewer.

The Digital Forensics Magazine blog is an outlet for news, commentary, ideas and even the occasional rant. We are looking for Digital Forensic researchers, investigators or even those with just an interest in the subject to join our growing band of regular contributors to the blog site to provide interesting and stimulating content. The content can be wacky as well as serious, however it must be related in some way to Digital Forensics and will be checked and edited prior to publication. If you would like to become a regular contributor to the digital forensics magazine blog then contact us at

Digital Forensics Magazine is a global magazine printed in English and distributed to over 40 countries including those in South Africa, South America, Australasia, Eastern Europe as well as in the UK and USA. The cost of promotion to such a large audience in all of these geographical areas is beyond the budgets of the magazine, so we are on the look out for evangelists; those people who believe passionately about Digital Forensics and are active in their own communities. DFM Evangelists receive discount vouchers to pass onto their communities as well as having direct access to the marketing team at DFM who will help them promote Digital Forensics related conferences, events and activities in their region. If you are interested in becoming a Digital Forensics Magazine Evangelist contact us at

Digital Forensics Magazine prides itself on not just being a magazine, but also for being a source of quality, valuable, and useful information for the Digital Forensics Profession. Our goal is to bridge the gap between the academic journal and the traditional magazine. We want to hear from you on what is good or bad as well as what you would like us to include so please provide your comments to us via and if you want to get involved in one of the activities outlined we would welcome you to the growing band of professionals who contribute to the growth of the magazine.



Cellebrite’s Panel of Leading Industry Experts Identify Mobile Forensics Trends for 2013

Petah Tikva, Israel, January 23, 2013 – As 2013 gets underway, Cellebrite, the leading provider of mobile forensic and mobile data transfer solutions, has announced a list of top trends in mobile forensics that will shape the year ahead.

To gather this list, Cellebrite interviewed a number of prominent experts from law enforcement, corporations and universities, as well as industry analysts, familiar with mobile forensics, information security and e-discovery and the most advanced mobile forensic products available today. They highlighted the following nine trends as the most critical for investigative and legal professionals to prepare for the upcoming year:

1. BYOD impacts the forensics industry. While “Bring Your Own Device” (BYOD) seemed to infiltrate the enterprise in 2012, the mobile forensics industry will confront the impact of this growing trend in the year ahead. BYOD adoption across the enterprise means that forensics professionals will encounter a greater number of compromised phones. According to John Carney, Chief Technology Officer, Carney Forensics, “For e-discovery experts, BYOD will mean contending with more devices that contain both personal and corporate evidence as well as an increase in legal challenges related to device access and privacy during corporate investigations.”

2. Critical data: there’s an app for that. According to a 2012 Nielsen report, the average smartphone user has approximately 41 apps installed on a single device. “Whether it’s mobile messaging, personal navigation, social media or improving productivity – apps are going to dominate smartphones and tablets in 2013,” said Carney. “The ability to extract critical data stored in apps will become the new measuring stick by which investigators gauge the superiority of mobile forensics tools.”

3. Smarter phones mean tougher encryption. “Expect to see more encryption of data on smartphones to protect personal privacy and corporate data, which will make forensic examination more challenging,” said Eoghan Casey, founding partner at CASEITE. Password technology, too, has advanced; pattern-screen locks have hindered forensic data extraction efforts. In 2013, look for mobile forensics tools to continue to find ways to bypass a greater number of passwords and device locks, as well as address advanced encryption technology.

4. Investigators can’t put all their eggs into one mobile operating system. Though Android took 75 per cent of the market in Q3 of 2012, for mobile forensics professionals, market share isn’t everything. As Paul Henry, security and forensics analyst, vNet Security, noted, “While Android is the predominant operating system, the bulk of the bandwidth is still taking place on Apple devices, making them critical to many investigations.” In addition, despite BlackBerry’s decline in recent years, Carney said: “Their popularity for over a decade will make them an important legacy device pertinent to investigations for years to come.”

5. Windows 8 is the wildcard. Notwithstanding all the attention garnered by Android and Apple, the real wildcard for 2013 will be the rise of Microsoft in the mobile device market. While questions remain regarding how prevalent Microsoft devices will become, Cellebrite’s panel of experts predicts that the need for mobile forensic tools providing support for Windows 8 will increase in the New Year.

6. Mobile devices advance as witnesses. Look for mobile devices and the data they contain to take centre stage in both civil and criminal investigations in the year ahead. “Civil litigators are discovering that mobile device evidence is just as important as digital documents and email evidence,” said Carney. According to Heather Mahalik, mobile forensics technical lead at Basis Technology, “Now, more than ever before, e-discovery experts need comprehensive training in order to ensure the proper extraction of all relevant data from mobile devices.”

7. The regulatory and legislative landscape remains uncertain. “Lawmakers and judges are looking at cell phones much more critically than they did computers,” said Gary Kessler, associate professor, Embry-Riddle Aeronautical University and a member of the ICAC North Florida Task Force. “However, because few understand the nature of the technology, they are erring greatly on the side of caution. This speaks to the need for greater education regarding the scope and possibilities of mobile forensics and what it means for privacy and pre-trial discovery.”

8. Mobile malware’s incidence will rise. In 2013, look for malware on smartphone platforms and tablets to increase exponentially, particularly on Android devices. According to Cindy Murphy, detective, computer crimes/computer forensics, Madison Wisconsin Police Department, “The intended uses of mobile malware will be very similar to non-mobile malware – steal money, steal information and invade privacy. For law enforcement and forensics professionals, mobile malware means dealing with potentially compromised devices that may help perpetrators cover their tracks, making it increasingly difficult for investigators to meet the threshold of reasonable doubt.”

9. Data breaches via mobile will rise. “Mobile forensics vendors should resolve to provide stronger capabilities for enterprise wide smartphone investigations to support the investigation of data breaches targeting smartphones and the needs of e-discovery,” said Casey. Malware together with large-scale targeted intrusions into smartphones (targeting sensitive data) will raise enterprises’ risks for data destruction, denial of service, data theft and espionage.

“From the increasing use of mobile evidence to challenges stemming from the rise in tougher encryption methods, there are a number of areas that will demand the attention of mobile forensics professionals in the year ahead,” said Ron Serber, Cellebrite co-CEO. “As the industry continues to evolve, it will be critical for the law enforcement community, as well as the enterprise, to invest in proper training and ensure that their budgets allow them to meet the growing demand for comprehensive device analysis and data extraction.”

Cellebrite’s UFED provides cutting-edge solutions for physical, logical and file system extraction of data and passwords from thousands of legacy and feature phones, smartphones, portable GPS devices, and tablets with ground-breaking physical extraction capabilities for the world’s most popular platforms – BlackBerry®, iOS, Android, Nokia, Windows Mobile, Symbian and Palm and more. The extraction of vital evidentiary data includes call logs, phonebook, text messages (SMS), pictures, videos, audio files, ESN IMEI, ICCID and IMSI information and more.

Cellebrite’s panel of experts included:
· Eoghan Casey, Founding Partner, CASEITE
· John Carney, Chief Technology Officer, Carney Forensics; Attorney at Law, Carney Law Office
· Paul Henry, Leading Security and Forensics Analyst, Principle at vNet Security; Vice President at Florida Association of Computer Crime Investigators; SANS Senior Instructor
· Gary Kessler, Associate Professor, Embry-Riddle Aeronautical University; ICAC Northern Florida Task Force
· Heather Mahalik, Mobile Forensics Technical Lead, Basis Technology; SANS Certified Instructor
· Cindy Murphy, Detective Computer Crimes/Computer Forensics, Madison Wisconsin Police Department
· Ron Serber, co-CEO, Cellebrite




Digital Forensics Survey Help

Hi everyone,

Our publisher, Tony Campbell, is running a survey as part of his MSc research project, looking into correlations between iPhone usage and configuration, and personality. If anyone can contribute to this research project by taking the survey, Tony would be very grateful. The obvious pre-requisite is that you are an iPhone user.

The survey can be found at




Digital Forensics Magazine Survey

As part of the Training & Education theme for Issue 5 Digital Forensics Magazine is carrying out a global survey. The survey asks digital forensic practitioners around the world to complete the survey with a view to ascertain the level of qualifications held.

The survey investigates the thoughts of practitioners on what they believe are the core competencies required of a digital forensics practitioner. They are also asking what knowledge would be required if there were practitioners graded at basic, intermediate and advanced levels.

Tony Campbell, one of the DFM publishing team said, “By asking the practitioners opinions with regard to international standards on training we hope to inform the debate going on in a number of forums on this topic.

The survey will be open over the next 3 months and we are encouraging all parties with a vested interest in the subject to take the survey to help us all understand the current status of training and education in Digital Forensics and shape the future. This is your profession, help us inform and guide those that are setting standards and making decisions about our profession. “

Readers are urged to take the 3 minute survey today at to make sure their thoughts and opinions are captured.

A summary of the results will be released in forthcoming monthly newsletters available to Digital Forensics Magazine newsletter subscribers, and the main findings will form the basis of an article in the main magazine published later this year.



The 10 Minute Guide to Forensics and Virtualization (Ubuntu/VBox style)

By Andrew Hoog

While virtualization is a key technology in the infrastructure of many enterprises, it is essential in the operation of a digital forensic organization.  Virtualization can be used in number ways, include:

–        Return analyst workstation to validated state for each investigation

–        Data recovery by attaching dd image of a drive as a secondary drive on a VM and running recovery software

–         Booting a dd image (similar to liveview)

–        Application and system profiling/footprinting essentially to the scientific method

–        Develop virtual appliances for specific functions (i.e. Android forensics appliance)

And these are just a few examples.  I’m sure many of you have additional uses you can share.  This brief article will share with you our experiences in this area.

Selecting a virtualization solution

There are many virtualization solutions available, including both commercial and non-commercial ones.  One of the best known is VMWare which offer a full suite of products ranging for their free VMWare Player to fully redundant enterprise solutions.  Another software giant in the virtualization game is Microsoft which offers desktop (Virtual PC) through enterprise (Hyper-V) solutions (and many in between).  On the Apple platform, there are two primary options are VMWare’ Fusion product and Parallels suite of products.  And on the Linux side, there are a number of options include KVM, Xen and VirtualBox.

After much testing, we ultimately chose VirtualBox by Oracle/Sun.  There were a number of reasons why we chose Virtual Box:

  1. KVM had serious performance issues on our computers…did not identify root cause
  2. Xen was a more significant commitment in time and energy
  3. VirtualBox has a nice GUI, performed great and has both an open source version and a commercial one.  It also provided a “headless” option allowing us to forego monitors.

Some folks could take issue with Virtual Box or at least have their own favorite and that’s fine.  But, we chose VirtualBox, are quite happy and so that’s what the rest of this article covers.  Our forensics workstations run a modified version of Ubuntu 10.04 service.  They have 8GB of RAM and a couple of multi-core processors.

VirtualBox just released an update on June 7, 2010.  The 3.2.4 release is a maintenance release but I like to see projects which are actively maintained and updated.  Additional details are available on the website.

Step by step guide

For a test project we had, we needed a Windows 2008 Server R2 64-bit.  Below are the steps you would follow on a computer running Ubuntu 10.04 Server 64-bit server (the .iso for that platform is ubuntu-10.04-server-amd64.iso):

Create blank VM

VBoxManage createvm –name Win2008SvrR2 –ostype Windows2008_64 –register

Add options, including full h/w visualization support (the online VirtualBox manual at is indispensable)

VBoxManage modifyvm Win2008SvrR2 –memory 4096 –acpi on –boot1 dvd –nic1 bridged –usb on –usbehci on –vrdp on –vrdpport 3390 –clipboard bidirectional –pae on –hwvirtex on –hwvirtexexcl on –vtxvpid on –nestedpaging on –largepages on

Setup bridged network using first Ethernet card (eth0)

VBoxManage modifyvm Win2008SvrR2 –bridgeadapter1 eth0

Add IDE controller (other options exist such as SCSI and SATA…IDE seems be the most used)

VBoxManage storagectl Win2008SvrR2 –name “IDE Controller” –add ide

Create and register hard drive (vdi)

VBoxManage createvdi -filename “/opt/vbox/HardDisks/win2008svrR2.vdi” -size 20000 -register

Attach hdd to VM

VBoxManage storageattach Win2008SvrR2 –storagectl “IDE Controller” –port 0 –device 0 –type hdd –medium /opt/vbox/HardDisks/win2008svrR2.vdi

Attach DVD to VM (upload your OS installation .iso to the host machine first)

VBoxManage storageattach Win2008SvrR2 –storagectl “IDE Controller” –port 1 –device 0 –type dvddrive –medium ~/win2008svr.iso

Start VM and install OS (recommend using screen to prevent killed session on detach)

VBoxHeadless -startvm Win2008SvrR2 -p 3390 &

Connect to new VM

Now that the new VM is booting up (and running the OS install), you need to connect to it.  To do so, you need an application which support Remote Desktop Protocol (RDP).  In Windows computers, you can run the Remote Desktop Connection/Terminal Services client but going to Start -> Run, type in mstsc and press OK.  In the Computer: section, you could type the IP address of your Ubuntu server.  The Linux and Apple platforms have similar RDP applications and the process is the same.  Complete the install of the operating system and reboot as needed.

Install VBox Additions

To enable shared folder, better video, usb support (if you downloaded/bought the PUEL edition), you need to install VBox Additions.


VBoxManage registerimage dvd ~/VBoxGuestAdditions_3.2.0.iso

VBoxManage storageattach Win2008SvrR2 –storagectl “IDE Controller” –port 1 –device 0 –type dvddrive –medium ~/VBoxGuestAdditions_3.2.0.iso

DVD should now be mapped on the VM.  You can remote into the VM with the direction above or determine what the IP address of the VM itself is, ensure RDP is enabled and remote into the computer directly.  From there, double click the DVD, perform the VBox Additions install and reboot.

Add shared folders

Make sure Windows guest OS is shutdown and type the following in the Ubuntu server:

VBoxManage sharedfolder add Win2008SvrR2 –name “mnt” –hostpath “/mnt” –readonly

VBoxManage sharedfolder add Win2008SvrR2 –name “ahoog” –hostpath “/home/ahoog”

Restart the VM with the following command:

VBoxHeadless -startvm Win2008SvrR2 -p 3390 &

And then connect to the VM directly as described above.  To access the new shared drives, you use UNC.  Essentially, go to Start -> Run, type \\VBoxSvr and press OK.  You will then see a list of shared folders.

Connect USB devices

If you purchased the enterprise version or are simply evaluating for PUEL (Personal Use and Evaluation License) version, you can connect USB devices.  The documentation was not clear but we determined the necessary steps.

Add usbusers group

sudo addgroup usbusers

Add each user

Then, you need to add each local user that might run VirtualBox to the userusers group:

sudo usermod -a -G usbusers ahoog


There is much more to say about forensics and virtualization.  But, alas, cases are piling up and it will have to wait until the next install of this article that will begin to cover how to use your shiny new VBox virtual machine for some of the tasks I outlined at the start of this article.   If you are interested in additional how to articles or information, check out my own blog at or feel free to contact me directly.

Andrew Hoog is a computer scientist, computer/mobile forensic researcher and Chief Investigative Officer at viaForensics. His company assists and trains law enforcement and provides innovative digital forensics solutions to corporations and attorneys. He is currently writing a book about Android Forensics and maintains the Android Forensics Wiki at



5 Reasons for Digital Forensic Examiners to Use Content Marketing

For the Issue 3 (May 2010) of Digital Forensics magazine’s newsletter, I posted a short article about content marketing, the best way to share your expertise with clients and prospects alike. Here, I want to go into more detail about each of the five points I raised.

1) The people you serve come to trust you. Content shows the thinking that drives the service, the combination of knowledge and personality that sets you apart from competitors. These days, it’s not just the product that’s valuable enough anymore. Customers are cynical about being “sold to,” and in the event that your product doesn’t quite meet expectations, it’s important to provide value in different ways so that your customers will keep the faith that the next time around, you’ll improve.

Of course, this begs the point that you know in advance what content your customers (and prospects) need. This kind of market research can come down to Internet polls, informal surveys or interviews, social media monitoring, and other means of information gathering. It can come from your most loyal customers – who are usually more familiar than anyone else with how your product or service solves their problems – and from your most coveted prospects, which may appreciate challenging you to help them. The best content is tailored to each group’s specific needs.

2) Social media make it easy to share. Whether a slide or video presentation on SlideShare or Prezi, a white paper on Scribd or DocStoc, or customer success stories on YouTube or your blog, your content is now available to a wider community.

This can be very important when you’re targeting different market segments. One of the most popular social sites for digital forensics examiners is Twitter, and to be part of this community is a good idea. But what if you’re not selling directly to examiners? What if, instead, you’re selling to law firms or banks or small businesses? You’d want to find the social sites they’re on, become part of their communities too, rather than expect them to come to yours.

Content variety is also important from the standpoint of search engine optimization. YouTube is a particularly powerful SEO, so video content tagged with those all-important keywords, embedded on your website, can potentially accomplish two things: 1) drive traffic back to your site and 2) raise your site’s search rankings.

Just make sure the keywords you choose are the ones your customers are actually using, or are likely to use. (Hint: if you’re using Google Analytics to track site performance, take a look at the searched-on keywords that brought people there.)

3) You can highlight new or underrated aspects of what you are doing. This is the “marketing” side of content marketing – what services help your market, and why?

This goes hand in hand with #2 above, but also with #1, as it helps both existing clients and prospects get to know you better. However, be careful not to “sell,” but rather to educate, to show people how the products or services solve their problems both large and small. A case study about how data recovery helped a small business recover from a breach, or about how a customer got creative and figured out how to use your software in ways you never anticipated, does the “heavy lifting” in terms of showing – not just telling – about the relevance you have to the market.

4) You can highlight problems your community or target market is facing. What do you get the most calls about? What kinds of cases do you most frequently work on, involving what types of technology?

As with #3, here it’s important to educate. Without giving up clients’ or citizens’ identities, you can talk in general terms about an interesting question involving employees’ personal digital devices in the workplace, or trends you see among victims of a certain type of crime (for example, identity theft), or even little known, but important facts about investigations, security, and so forth.

5) An ounce of prevention… show people how to protect themselves, and they’ll call you just when they really need you. That saves time and money, along with your staff’s brainpower, for true challenges!

Back to #1 and trust building. It’s easy to get frustrated with victims. “Don’t they know better?” you might complain after your password-integrity training falls on deaf ears, or the media has been covering identity theft extensively, yet you still get calls from people with drained bank accounts or maxed-out credit cards.

People hear and process information differently, so use your cases (where feasible) to improve your training. Use a series of short blogs or video entries to focus in on specific aspects of password integrity, or target identity theft education to small groups in your community – teenagers, seniors, parents, and business owners.

Talk to them using language and concepts they understand, and they’ll not only remember the information, but you’ll be the one they call when their best efforts fail.

Content marketing is well worth the time and effort put into it. If you know your subject and can present it for average people to understand, you’ll build loyalty for the long term. Do create a schedule for regular content production, do know who in your organization is most capable of producing the highest quality content, and do integrate the content into your other marketing efforts.

By Christa Miller

Christa M. Miller is a public relations strategist specializing in digital forensics and law enforcement. A trade magazine journalist for nearly a decade, she now works with clients on content strategy and creation using a mix of traditional and digital media. She resides in South Carolina, USA with her family. Visit her website at



Final Call for Papers

Final Call for Papers (Closes Friday 2 July 2010)

The 2010 Digital Forensics International Conference “Digital Forensic Cases, Tools & Techniques” September 6 & 7

The final call for papers closes 2 July for industry or academic papers examining digital forensic cases, tools and techniques.

AUT University Digital Forensic Research Laboratories is hosting two days examining the state of practice in the first week of September. Presentations are again invited from Practitioners and Researchers to bring together the best practice and innovation in the field. As Digital Forensics has differentiated from its Security and Computing roots rapid and path changing approaches are evolving that are contributing to standardisation, extraction & analysis techniques, and a better fit of the legal, managerial and IT worlds. The Digital Risk will not go away and is contextualised in the many voices of different practitioners, researchers and organisations.
You wish to be a part of these two days examining the current state of Digital Forensic practice ? – then please send in your abstract (150 words).

Presentations are accepted in three streams:

  1. Cases:LegalCases,EmployerRisk,ProfessionalPractice,Standardisation
  2. Tools:Reliability,Functionality,Testing,Development,Demonstrations
  3. Techniques: Mobile Devices, Extraction Practices, Preservation Skills, Network Forensics, Environmental Forensics, CCTV & Image, GPS

All presentations are first selected on the relevance of an abstract to one of the three streams. (email Abstract to: before 2 July, Header: ‘Abstract’)

Presentations may be requested as:

  1. PowerPointTechniquesCases
  2. ToolsDemonstration
  3. Refereed Academic Research Paper (Full Peer review process available)

Important Dates :

  • Friday 2 July – Last Day for Abstract Proposals
  • Friday 9 July – All presenters Notified of acceptance
  • Friday 23 July – Last Day for Full Papers for Referees
  • Friday 6 August – Referee Reports
  • Friday 13 August – Last day for Published Papers
  • Monday 6 & 7 September – Conference

Venue: AUT University, Faculty of Business Building, Auckland, New Zealand.



New Releases From Syngress

Syngress, by far the best publisher of digital forensics and general security books, has just released a new batch of books that are of great interest to all general forensics investigators and researchers. We have featured three of these books in our regular DFM competition as a prize for any subscriber answering the ‘really difficult’ security question posed by our editorial team. The three books up for grabs are:

  1. Virtualization and Forensics
  2. Digital Triage Forensics
  3. Digital Forensics for Network, Internet and Cloud Computing

All three topics are especially interesting as these books cover the most prevalent of emerging problems for the forensic analyst. File carving, imaging and traditional use of products, such as enCase and FTK are still right at the top of the list when it comes to ‘things the digital forensic analyst does every day’, however, it’s been recognized for a while now that cloud computing is just around the corner, and when computing power and storage moves into the cloud, forensic investigating will be very different. We’ll be relying on software services and auditing services provided by cloud utility vendors, and with the ‘international’ issues that cloud suddenly introduces, such as ‘how do you get a warrant for data that is stored in a data center in India?’ it will certainly be an interesting future.

I would strongly recommend that you read Digital Forensics for Network, Internet and Cloud Computing by Terrence V. Lillard, Clint P. Garrison, Craig A. Schiller and James Steele, as this books really does cover a plethora of issues that we’ll all have to face, maybe sooner than we think.

Also, as a special offer, Syngress has offered the Digital Triage Forensics book at half price for a limited time. The following was posted on Twitter:

“Learn from the experts who coined the term Digital Triage Forensics. Get the book for 1/2 price w/ code 31884.

Again, I’d certainly recommend this book and after reading through it (yes, I get these sent to me for review purposes so I have it on my desk as I type), it looks great. It’s written by the guys who coined the use of the word Triage in this context, so they know what they are talking about, and unlike many real technical books this one really does dig into the investigative techniques that should be used at the crime scene, including quite an interesting analysis of ‘Battlefield Crime Scenes’, where a triage approach is by far the only way to successfully approach the forensics problem.

Tony Campbell