Compare Products

ADF Forensic Tools - Product Differences

All ADF forensic tools share the same search and scan engine. The differences are aimed at 1) usage scenarios – specifically military operations, forensic lab examination, and field investigations, and 2) user risk management.

Triage-G2® has been designed to meet military media exploitation requirements. The tool is primarily used by operators who have training to both run the tool (basic mode) and with additional training, the option to configure the tool (advanced mode). It also offers a stealth mode for live scans, advanced search configurations, and an integrated authentication and collection key for optimized workflow. It is however limited to scanning a single computer at one time.

Digital Evidence Investigator® (DEI) has been designed to meet both forensic lab and field triage requirements. It is primarily used by both forensic examiners and investigators who have training to run and configure the tool (advanced mode only). It also offers advanced search configurations, and separate authentication and collection keys which allows users to scan multiple computers simultaneously. It does not offer stealth mode during live scans or the ability to switch to basic user mode.

Triage-Investigator® has been designed for field triage requirements. It is primarily used by investigators with limited digital forensic training in running the tool (basic mode only). This basic user mode allows for ease of use and limits user risk. It also offers a separate authentication and collection keys which allows users to scan multiple computers simultaneously. It does not offer stealth mode during live scans, advanced search configurations, or the ability to switch to advanced mode.

  Digital Evidence Investigator® Triage-G2 Triage-Investigator

Setup and Configuration

     
Create custom Search Profiles
Create custom Captures
(keywords, SHA-1/MD-5 hash, grep search, file collection)
Configure Artifacts
Configure file collection types
Customize file headers
Configure folders and paths to scan
Set filters by file properties
(size, timestamps, etc.)
Advanced mode
Basic mode Note 1
Configure Stealth Mode
Out-of-the-box Search Profiles for "Media Exploitation"
Out-of-the-box Search Profiles for "Law Enforcement"
(including Indecent Images)

Processing Computers and Media

     
Forensically Sound
Scan drive images (e01, dd)
Scan live (on) computers
Scan dead (off) computers
Scan multiple computers/devices simultaneously
with a single license dongle
Scan NTFS, FAT, HFS+ , EXT systems
Scan devices connected to suspect computer
Scan external devices (USB, CD, DVD, SD cards, etc.)
from forensic/friendly computer
Images suspect drives & media Note 2
Comprehensive file and artifact analysis and collection Note 3

Analysis and Reporting

     
Review evidence on suspect computer
Create comprehensive reports
Timeline analysis of files and artifacts
Comprehensive filtering of results
Tag evidence on suspect computer
Export standalone report viewer
Export HTML and CSV report formats

Other

     
Extended license duration (limitations)

Note 1: Triage-G2 is switchable between Advanced and Basic Modes.

Note 2: Triage-Investigator can only image drives and other media during live or boot scans (Note: DEI and Triage-G2 can also image from a forensic/friendly computer).

Note 3: Triage-Investigator can only run either the out-of-box Search Profiles or custom Search Profiles created by Digital Evidence Investigator (DEI).®

  • READY TO ACCELERATE YOUR DIGITAL INVESTIGATIONS?