Triage-Investigator is the latest evolution of ADF's award-winning intelligent forensic tool designed for field deployment. The tool has a proven track record of providing easy and quick access to court defendable evidence to process cases and leveraging investigators to assist forensic labs with rapid collection, analysis, reporting, and managing digital backlogs.
Triage-Investigator is easy-to-use, easily configurable, supports a wide array of computer hardware, has powerful boot capabilities, is forensically sound, and comes with technical support and regular upgrades.
Triage-Investigator is designed to work with Digital Evidence Investigator® (DEI) and provide a digital forensic platform where forensic labs can leverage investigators to collect and process data and analyze computers and digital devices in the field. The ADF digital forensic platform enables an organization to control search criteria used in the field. DEI with Triage-Investigator enables organizations to roll out digital forensic software to the field quickly with minimal training and confidence that forensic integrity will be maintained during collection, analysis and reporting.
Extremely easy-to-use, minimum training required
Easily and quickly generate prosecution ready reports
Very intuitive GUI, optimized for touchscreen tablets and kiosks
Forensically sound, minimize
Able to investigate live powered on computers, dead powered off computers, forensic images, the contents of folders and network shares (including shares made available by NAS devices)
Seamless integration with ADF's Digital Evidence Investigator® tool to access customized Search Profiles and large hash sets of known suspect files, including Project VIC and CAID (tested with over 30 million hash values)
Automatic tagging of hash and keyword matches
Automatic linking of files with artifacts
Automatic time zone detection
Recover images from unallocated drive space
Comprehensive video preview and frame extraction
Process NTFS, FAT, HFS+, EXT, ExFAT and YAFFS2 file systems
RAM Capture capability
Powerful booting capability (including UEFI secure boot and Macs) provides access to internal storage that cannot be easily removed from computers
Includes powerful pre-configured Search Profiles
A unique timeline that combines files, artifact records, and people into a single view
Standalone viewer to easily collaborate with others involved with the case
Automated and easy-to-use imaging capabilities to support forensic labs
Detect and warn of BitLocker and FileVault2 protected drives
Decrypt and scan or image BitLocker volumes including those using the new AES-XTS encryption algorithm introduced in Windows 10
Fully encrypted USB key with BitLocker