All ADF software shares the same intelligent search engine and rapid scan capabilities. The key differences in our digital forensic products are in the form factor and the features focused on deployment and usage scenarios. Users can select to deploy Mobile Forensics, Computer Forensics, or ADF PRO tools which combine all capabilities into a portable lab.
| Digital Evidence Investigator® | Mobile Device Investigator® | |
|---|---|---|
| Instant previewing of mobile devices (no waiting for backups) | PRO | ✔️ |
| Scan connected and unlocked Android and iOS devices. | PRO | ✔️ |
| Scan connected ChromeOS devices. | ✔️ | ❌ |
| Scan connected MTP devices (digital camera, legacy phones, etc.) | PRO | ✔️ |
| Scan Android and iOS ADF backups. | PRO | ✔️ |
| Scan ChromeOS ADF backups. | ✔️ | ❌ |
| Scan iTunes backup. | PRO | ✔️ |
| Scan iTunes backup found on a target computer. | PRO | ❌ |
| Preview connected and unlocked Android/iOS devices | PRO | ✔️ |
| RAM capture on Windows | ✔️ | ❌ |
| Scan turned-on Windows computers (live scan with the Collection Key or via the remote agent) | ✔️ | ❌ |
| Scan turned-on Mac computers (live or recovery scan via the remote agent scan) | ✔️ | ❌ |
| Scan turned-off Windows and Linux computers (boot scan with the Collection Key) | ✔️ | ❌ |
| Scan multiple computers on-site with a single Authentication Key (license dongle) | ✔️ | ❌ |
| Scan drive images (E01, DD, AFF4, L01, ZIP) | ✔️ | ❌ |
| Scan NTFS, FAT, ExFAT, HFS+, APFS, EXT2/3/4, YAFFS2 file systems | ✔️ | ❌ |
| Scan devices connected to a suspect computer | ✔️ | ❌ |
| Scan external devices (USB, CD, DVD, SD cards, MTP, etc.) attached to the forensic workstation. | ✔️ | License Add-on |
| Enter keywords just before a live/boot scan | ✔️ | ❌ |
| Recover hundreds of file types. | ✔️ | ✔️ |
| Recover communication artifacts (emails, chats, contacts, etc.) | ✔️ | ✔️ |
| Recover system artifacts (user accounts, wifi connections, USB history, installed apps, etc.) | ✔️ | ✔️ |
| Recover application artifacts (peer-to-peer, anti-forensics, crypto-currency, etc.) | ✔️ | ✔️ |
| Recover web browser artifacts (browsing history, bookmarks, search terms, synced tabs, etc) | ✔️ | ✔️ |
| Recover deleted pictures from unallocated space. | ✔️ | ❌ |
| Recover deleted pictures from system files. | ✔️ | ❌ |
| Recover deleted records from apps using the SQLite database. | ✔️ | ✔️ |
| Prompt for password of encrypted partitions (FileVault2 HFS/APFS, Bitlocker) | ✔️ | ❌ |
| Ignore files from a whitelist (import from NSRL and VICS/CAID) | ✔️ | ✔️ |
| Conduct live scans in Stealth mode | ✔️ | ❌ |
| Automatically start a boot or live scan | ❌ | ❌ |
| Present custom forms before a scan (consent forms or other) | ✔️ | ✔️ |
| Forensically Sound | ✔️ | ✔️ |
| Digital Evidence Investigator® | Mobile Device Investigator® | |
|---|---|---|
| Image suspect drives and storage devices (EWF and DD) | ✔️ |
❌ |
| Image Mac and Windows computers from the remote agent (ZIP) | ✔️ |
❌ |
| Advanced logical acquisition of Android, iOS devices | PRO |
✔️ |
| Advanced logical acquisition of ChromeOS devices | ✔️ |
❌ |
| Create Load Files after Android/iOS devices acquisition | PRO |
✔️ |
| Digital Evidence Investigator® | Mobile Device Investigator® | |
|---|---|---|
| Take screenshots and screen recordings from any video sources | License add-on | License add-on |
| Take screenshots of Android and iOS devices | PRO | ✔️ |
| Take screenshots of ChromeOS devices | ✔️ | ❌ |
| Make screen recordings of Android and iOS devices | PRO | ✔️ |
| Make screen recordings of ChromeOS devices | ✔️ | ❌ |
| Scan screenshots and screen recordings to perform OCR and obtain a scan result | PRO | ✔️ |
| Digital Evidence Investigator® | Mobile Device Investigator® | |
|---|---|---|
|
Review evidence directly on suspect computer |
✔️ |
❌ |
|
Comprehensive filtering and sorting of results |
✔️ |
✔️ |
|
Hide duplicated files to reduce noise |
✔️ |
✔️ |
|
Analyze all files, artifacts, and users' activities in a single timeline |
✔️ |
✔️ |
|
View links between files of interest and user’s activities |
✔️ |
✔️ |
|
View conversations in familiar color-coded "chat" bubbles |
✔️ |
✔️ |
|
Tag and comment on relevant records to build report |
✔️ |
✔️ |
|
Automatic visual classification of pictures and videos |
✔️ |
✔️ |
|
Extract and translate entities from documents and communications |
License Add-on |
License Add-on |
|
Create comprehensive reports |
✔️ |
✔️ |
|
Export reports to HTML, PDF, VICS, and CSV formats |
✔️ |
✔️ |
|
Export reports to a standalone viewer executable that can easily be shared and doesn't need to be installed |
✔️ |
✔️ |
| Digital Evidence Investigator® | Mobile Device Investigator® | |
|---|---|---|
|
Define and package custom search criteria (Search Profiles) |
✔️ |
✔️ |
|
Create custom data Captures (keywords, SHA-1/MD-5 hash, grep search, file collection, PhotoDNA) |
✔️ |
✔️ |
|
✔️ |
✔️ |
|
| Configure properties of files to search (size, timestamps, etc.) |
✔️ |
✔️ |
| Configure folders and paths to scan |
✔️ |
✔️ |
| Customize headers of files to search |
✔️ |
✔️ |
|
✔️ |
✔️ |
|
|
✔️ |
✔️ |
|
|
Out-of-the-box Search Profiles for "Media Exploitation" |
❌ |
✔️ |
|
Out-of-the-box Search Profiles for "Law Enforcement" (including Indecent Images of Children Profiles for CSAM investigations) |
✔️ |
✔️ |
|
Use any USB drive as a Collection Key |
✔️ |
❌ |
|
Use BitLocker to protect the Collection Key |
✔️ |
❌ |
|
Prepare a Collection Key without Search Profiles to select Captures just before a Scan |
✔️ |
❌ |
|
Simple multi-workstation deployment with a single configuration file |
✔️ |
✔️ |
|
Ready to use with no installation and no setup required |
❌ |
❌ |
Copyright 2024 | ADF ♥ Digital Forensics.
