An important consideration is a triage tool’s intended use (which can be different for investigators and examiners). Triaging can provide the investigator or first responder with the methodology to quickly assess a computer’s relevance to an investigation prior to removing its power and seizure. For example, an investigator might want to quickly search for suspected pornographic images. Indeed, with the use of a triage tool, it may not be necessary to seize the computer at all if no probative data is found! If seized, an examiner might be interested in examining Registry information. He/she could use a triage tool to perform a more in-depth analysis or quickly triage a number of computers to determine which ones need further analysis using more sophisticated forensic tools. Since a given triage tool may or may not support both of these functionalities or might not be easily configurable to perform both tasks, several may be needed for investigators and examiners to cover potential uses.

From: Parameters for Selecting a Triage Tool by John J. Barbara