Frequently Asked Questions

Purchase

  • How can I purchase ADF Triage tools?

    You can purchase ADF triage tools directly on-line, by email (sales@adfsolutions.com) or by calling us at 301-312-6578, option 2.

  • What license terms does ADF offer?

    ADF Solutions offers 1-year or 3-year subscription (or term) licenses with its software. During the license term, all support, maintenance, and upgrades are included. Annual renewals can be purchased to extend the license terms.

  • Does a subscription (or term) license stop working after the term expires?

    For Triage-Examiner and Triage-Responder, a subscription (or term) license does stop working when the term expires. Triage-G2 offers and option for extended usage after support has expired. If your renewal has been delayed and the license has either expired or is about to expire, ADF Solutions can provide you with a temporary extension so that there is no interruption in the software service. Please contact us to request an extension.

  • Does ADF provide support and maintenance for its tools?

    Yes, ADF provides comprehensive support and maintenance for our users. Please visit our Support page for details.

  • How does ADF handle software upgrades?

    All ADF Triage tools now include automatic software upgrade if the installed computer has access to the Internet.
    In addition, all the registered forum users are notified by email when a new upgrade is available for download.

  • My subscription (or term) license has expired – can ADF help?

    Yes. If your renewal has been delayed and the license has either expired or is about to expire, ADF Solutions will provide you with a temporary extension to your subscription (or term) license so that there is no interruption in the software service. Please contact us to request an extension.

    Trial Download

  • How can I try the Triage-Examiner and Triage-G2 tools?

    ADF offers a 30-day evaluation version of the Triage-Examiner and Triage-G2 tools. To receive this evaluation software, you need to purchase our evaluation Triage Kit for US$149 plus shipping and handling. The Kit includes a high-speed 32GB USB drive and additional hardware. This cost will be reimbursed if you choose to purchase a full license for the product.

  • How can I try the Triage-Responder tool?

    Please contact us to request a trial.

  • What are the user requirements to evaluate the trial versions of the ADF tools?

    If you are not a forensic examiner, we ask that you please coordinate with a forensic examiner within your organization to supervise or perform the evaluation of the ADF tools. This is because users with no (or minimal) forensic training will require proper training to set up, use, and evaluate the tools. Once this training is complete, these users can easily use the tools.

  • Can I still get ADF support during the trial of the ADF triage tools?

    Yes. ADF provides full support during the trials (or evaluations) of its triage tools.

  • What are the differences between the versions of Triage?

    See our Triage tool comparison page here.

  • Who are the typical users of the ADF triage tools?
    Market Users Training Current Products
    Site Exploitation Defense and Intelligence operatives 2-day DFR or equivalent Triage-G2®
    Investigator/Responder Triage Investigators and First Responders Minimal Triage-Responder®
    Digital Forensics Forensic Examiners and trained investigators 2-day DFR or equivalent Triage-Examiner®
  • Which ADF triage tools scan computers that are off (dead)?

    All the ADF triage tools can be used to scan computers that are off (dead).

  • Which ADF triage tools scan computers that are on (live)?

    All the ADF triage tools can be used to scan computers that are on (live).

  • Which ADF triage tools scan drive images?

    Triage-Examiner can scan drive images if the Lab Add-On module is purchased.

  • Which ADF triage tools scan removed hard drives?

    The best tool to scan removed hard drives is Triage-Examiner with the Lab Add-On module.

Performance

  • How long does the triage process normally take?

    The triage process can take minutes or hours, depending on your goals and objectives. Specifically:

    1. Do you need to find evidence as quickly as possible (time restricted)?
      If YES, then the ADF triage tools can be configured to search the highest probability areas of a computer first so that you can achieve your goals.
    2. Do you need to scan the entire hard drive?
      If YES, then this will take some time and should probably run overnight. Keep in mind that this will still be much faster than processing a case for a full forensic examination – the difference is hours for a triage scan versus days for processing a drive image.
    3. With regard to variables, the triage process primarily depends on the following factors:
      - The memory (RAM) of the suspect computer.
      - The read/write speeds of the suspect hard drive.
      - The read/write speeds of the Triage Key (USB key).
      - The size of your SearchPaks®. You can contact us for more details.
  • Can I scan multiple computers at one time with the new ADF tools?

    This capability is available in Triage-Examiner as it is the only ADF tool that requires both a USB-based ADF license dongle and a separate generic (non-ADF) USB collection device. As a result, users can set-up unlimited generic USB collection devices and leverage a single ADF license dongle to start simultaneous scans on multiple computers. However, you will need one Triage Key for each computer you wish to scan simultaneously.

Triage Implementation

  • Can the ADF triage tools be used by nontechnical users?

    Yes. ADF has been providing easy-to-use, yet powerful triage tools for nontechnical users since 2005, and we have numerous success stories with our clients.

  • Can I use existing SearchPaks® created by other users?

    Yes. ADF provides an FTP server that hosts valuable SearchPaks® created by our users who decide to share them.

    Note that you are required to have law enforcement-designated Authentication Keys in order to use the SearchPaks® created by other law enforcement agencies.

Forensic Triage vs. Forensic Examinations

  • Do the ADF tools compete with forensic software such as Encase® or FTK®?

    No. The ADF tools are forensic triage tools designed to preprocess cases prior to their submission for full forensic examinations. They are not meant to substitute for full forensic examinations. However, the time savings for identifying negative computers is significant.

  • Is forensic triage a replacement for full forensic examinations?

    No. The ADF tools are forensic triage tools designed to preprocess cases prior to their submission for full forensic examinations. They are not meant to substitute for full forensic examinations.

Training

  • What is the Digital First Responder® Training?

    The two-day Digital First Responder® Training and Certification program is designed to equip users with knowledge and skills to properly use the ADF triage tools.

  • Does ADF offer trainings for my area?

    Please visit our Training Partners to see where ADF offers DFR training. If your country is not listed on this page, please contact us to schedule training.

  • How can I schedule a Digital First Responder® (DFR) training class?

    DFR training classes can be organized and held in most countries. Training classes are scheduled on a request basis and generally held at client locations. Please contact us to schedule a training or for pricing and further details.

  • Does ADF offer a Train the Trainer program?

    Yes. Please visit our Train the Trainer page for details.

  • What ADF training is required for forensic examiners?

    Are you a forensic examiner looking to use triage tools?
    If YES, then DFR training is optional. However, ADF strongly recommends that you view the training videos that are available on the ADF user forum.

    Are you a forensic examiner looking to set up and manage investigators who will triage suspect computers?
    If YES, then ADF considers attendance of a DFR training class with the investigators to be mandatory. An understanding of what the investigators are trained to do will facilitate a smooth triage program for your organization.

  • What are user training requirements?

    Triage for Investigators (2 Day): This course is expressly designed for users, typically case agents, who have limited computer experience but are involved in cyber investigations. Students will learn the steps required to properly search a computer for evidence or Intelligence in the field; how to ensure they maintain the legal chain of custody of evidence; and the difference between a targeted and a full forensic examination.

    Triage for Examiners (2 Day): This course is specifically designed for users with advanced computer skills or supervising others using ADF tools. Students in this course will learn how they can take advantage of the advanced but easy to use features included in ADF tools. They will learn how to execute complex searches, understand advanced features, and analyze the scan results.