All ADF software shares the same intelligent search engine and rapid scan capabilities. The key differences in our digital forensic products are in the form factor and the features focused on deployment and usage scenarios:
![]() |
Mobile Device Investigator® (MDI) is designed to be operated by front line police, sheriffs, field agents, and digital forensic investigators to quickly and easily collect digital evidence from iOS and Android phones and tablets by connecting a suspect device via USB port to quickly collect evidence and perform a logical acquisition. PRO bundles: Mobile Device Investigator is bundled with ADF computer forensics software as part of the following Professional bundles:
|
![]() |
Digital Evidence Investigator® has been designed to meet both forensic lab and field triage requirements. DEI is used by both forensic examiners and investigators who have training to run and configure the tool (advanced mode only). DEI also offers advanced search configurations, and separate authentication and collection keys which allows users to scan multiple computers simultaneously. DEI does not offer stealth mode during live scans or the ability to switch to basic user mode. |
![]() |
Triage-Investigator® has been designed for field triage requirements. It is primarily used by investigators with limited digital forensic training in running the tool (basic mode only). This basic user mode allows for ease-of-use and limits user risk. Triage-Investigator also offers separate authentication and collection keys which allows users to scan multiple computers simultaneously, which can be particularly useful for on-scene investigations. Triage-Investigator does not offer stealth mode during live scans, advanced search configurations, or the ability to switch to advanced mode. |
![]() |
Triage-G2® has been designed to meet military, intelligence and special forces media exploitation requirements. Triage-G2 is primarily used by operators who have training to both run the tool (basic mode) and with additional training, the option to configure the tool (advanced mode). Triage-G2 also offers a stealth mode for live scans, advanced search configurations, and an integrated authentication and collection key for optimized workflow. Triage-G2 is limited to scanning a single computer at one time. |
![]() |
Rosoka capabilities are now standard in Triage-G2® and Triage-G2® PRO and can be purchased as the Rosoka Add-on for any of the other ADF digital forensic tools. Integrated with ADF, Rosoka performs Entity Extraction and Language Identification to provide an English gloss (gisting) for over 200 languages with built-in Natural Language Processing (NLP). There is no need to load separate dictionaries, or even know beforehand what language(s) are contained within your documents. The ADF Rosoka Add-on will not only tell you what languages are there, but we'll give you an English gloss to give you better insight for better decisions. The Rosoka Add-on:
|
![]() |
![]() |
![]() |
![]() |
MDI Field Tablet | DEI PRO Field Tablet | |
SETUP & CONFIGURATION | ||||||
Define and package custom search criteria (Search Profiles) | Y | N | Y | Y | Y | Y |
Create custom data Captures (keywords, SHA-1/MD-5 hash, grep search, file collection) | Y | N | Y | Y | Y | Y |
Import VICS and CAID datasets for auto-categorization | Y | N | Y | Y | Y | Y |
Customize file headers | Y | N | Y | Y | Y | Y |
Configure folders and paths to scan | Y | N | Y | Y | Y | Y |
Configure files to search properties (size, timestamps, etc.) | Y | N | Y | Y | Y | Y |
Import Captures and Search Profiles | Y | Y | Y | Y | Y | Y |
Export Captures and Search Profiles | Y | N | Y | Y | Y | Y |
Out-of-the-box Search Profiles for "Media Exploitation" | N | N | Y | Y | Y | N |
Out-of-the-box Search Profiles for "Law Enforcement" (including Indecent Images) | Y | Y | N | Y | Y | Y |
Use any USB drive as a Collection Key | Y | Y | N | N | N | Y |
Use BitLocker to protect the Collection Key | Y | Y | Y | N | N | Y |
Prepare a Collection Key without Search Profiles to select Captures just before a Scan | Y | N | Y | N | N | Y |
Simple multi-workstation deployment with a single configuration file | Y | Y | Y | Y | Y | Y |
Ready to use with no installation and no setup required | N | N | N | N | Y | Y |
![]() |
![]() |
![]() |
![]() |
MDI Field Tablet | DEI PRO Field Tablet | |
SEARCHING DIGITAL DEVICES & IMAGES | ||||||
Scan connected and unlocked Android/iOS devices | Pro | Pro | Pro | Y | Y | Y |
Scan Android/iOS ADF backups | Pro | Pro | Pro | Y | Y | Y |
Scan iTunes backup found on target computer | Pro | Pro | Pro | N | N | Y |
RAM capture | Y | Y | Y | N | N | Y |
Scan turned-on Windows computers (live scan) | Y | Y | Y | N | N | Y |
Scan turned-off Windows, Mac, Linux computers (boot scan) | Y | Y | Y | N | N | Y |
Scan multiple computers on-site with a single license dongle | Y | Y | N | N | N | Y |
Scan drive images (e01, dd) | Y | Y | Y | N | N | Y |
Scan NTFS, FAT, ExFAT, HFS+, APFS, EXT2/3/4, YAFFS2 file systems | Y | Y | Y | N | N | Y |
Scan devices connected to suspect computer | Y | Y | Y | N | N | Y |
Scan external devices (USB, CD, DVD, SD cards, etc.) from forensic/friendly computer | Y | Y | Y | N | N | Y |
Recover hundreds of file types | Y | Y | Y | Y | Y | Y |
Recover communication artifacts (emails, chats, contacts, etc) | Y | Y | Y | Y | Y | Y |
Recover system artifacts (user accounts, WiFi connections, USB history, installed apps, etc) | Y | Y | Y | Y | Y | Y |
Recover application artifacts (peer-to-peer, anti-forensics, crypto-currency, etc) | Y | Y | Y | Y | Y | Y |
Recover web browser artifacts (browsing history, bookmarks, search terms, etc) | Y | Y | Y | Y | Y | Y |
Prompt for password for encrypted partitions (FileVault2 HFS/APFS, Bitlocker) | Y | Y | Y | N | Y | Y |
Ignore files from a whitelist (import from NSRL and VICS/CAID) | Y | Y | Y | Y | Y | Y |
Conduct live scans in Stealth mode | N | N | Y | N | N | N |
Automatically start a boot or live scan | N | N | Y | N | N | Y |
![]() |
![]() |
![]() |
![]() |
MDI Field Tablet | DEI PRO Field Tablet | |
IMAGING DIGITAL DEVICES | ||||||
Image suspect drives and storage devices (EWF and DD) | Y | Y | Y | N | N | Y |
Backup Android/iOS devices | Pro | Pro | Pro | Y | Y | Y |
ANALYSIS & REPORTING | ||||||
Review evidence directly on suspect computer | Y | Y | Y | N | N | Y |
Comprehensive filtering and sorting of results | Y | Y | Y | Y | Y | Y |
Hide duplicated files to reduce noise | Y | Y | Y | Y | Y | Y |
Analyze all files, artifacts, and users' activities in a single timeline | Y | Y | Y | Y | Y | Y |
View links between files of interest and user’s activities | Y | Y | Y | Y | Y | Y |
Tag and comment on relevant records to build report | Y | Y | Y | Y | Y | Y |
Automatic visual classification of pictures and videos | Y | Y | Y | Y | Y | Y |
Extract and translate entities from documents and communications (BETA) | Rosoka Add-on |
Rosoka Add-on |
Y | Rosoka Add-on |
Rosoka Add-on |
Rosoka Add-on |
Create comprehensive reports | Y | Y | Y | Y | Y | Y |
Export reports to HTML, PDF, VICS, and CSV formats | Y | Y | Y | Y | Y | Y |
Export reports to a standalone viewer executable | Y | Y | Y | Y | Y | Y |
Copyright 2021 | ADF ♥ Digital Forensics.