ADF DIGITAL FORENSIC SOFTWARE

All ADF software shares the same intelligent search engine and rapid scan capabilities.  The key differences are in the features focused on deployment and usage scenarios: 

  • Police, Sheriff, Law Enforcement, IT Security and Digital First Responders - On-Scene, Field Investigations
  • Forensic Examiners - Lab Investigations and Priority Triage
  • Intel or Military Field Operatives - Force Protection and Field Intelligence Gathering
Mobile Device Investigator (MDI) logo

Mobile Device Investigator™ (MDI) is designed to be operated by front line police, sheriffs, field agents, and digital forensic investigators to quickly and easily collect digital evidence from iOS and Android phones and tablets by connecting a suspect device via USB port to quickly collect evidence and perform a logical acquisition. 

New PRO bundles: Mobile Device Investigator is bundled with ADF computer forensics software as part of the following Professional bundles:
Digital Evidence Investigator (DEI) logo Digital Evidence Investigator® (DEI) has been designed to meet both forensic lab and field triage requirements. DEI is used by both forensic examiners and investigators who have training to run and configure the tool (advanced mode only). DEI also offers advanced search configurations, and separate authentication and collection keys which allows users to scan multiple computers simultaneously. DEI does not offer stealth mode during live scans or the ability to switch to basic user mode.
Triage-G2 (TG2) logo Triage-G2® has been designed to meet military, intelligence and special forces media exploitation requirements. Triage-G2 is primarily used by operators who have training to both run the tool (basic mode) and with additional training, the option to configure the tool (advanced mode). Triage-G2 also offers a stealth mode for live scans, advanced search configurations, and an integrated authentication and collection key for optimized workflow. Triage-G2 is limited to scanning a single computer at one time.
Triage-Investigator (TINV) logo Triage-Investigator® has been designed for field triage requirements. It is primarily used by investigators with limited digital forensic training in running the tool (basic mode only). This basic user mode allows for ease-of-use and limits user risk. Triage-Investigator also offers separate authentication and collection keys which allows users to scan multiple computers simultaneously, which can be particularly useful for on-scene investigations. Triage-Investigator does not offer stealth mode during live scans, advanced search configurations, or the ability to switch to advanced mode.

 

Compare ADF Products
  Mobile Device Investigator™ Digital Evidence Investigator® Triage-G2® Triage-Investigator®
Setup and Configuration        
Define and package custom search criteria (Search Profiles) Y Y Y N
Create custom data Captures (keywords, SHA-1/MD-5 hash, grep search, file collection) Y Y Y N
Import VICS and CAID datasets for auto-categorization Y Y Y N
Customize file headers Y Y Y N
Configure folders and paths to scan Y Y Y N
Set filters by file properties (size, timestamps, etc.) Y Y Y N
Import Captures and Search Profiles Y Y Y Y
Export Captures and Search Profiles Y Y Y N
Out-of-the-box Search Profiles for "Media Exploitation" Y N Y N
Out-of-the-box Search Profiles for "Law Enforcement" (including Indecent Images) Y Y N Y
Use any USB drive as a Collection Key N Y N Y
Use BitLocker to protect the Collection Key N Y Y Y
         
Searching Digital Devices and Images        
Forensically Sound N Y Y Y
Scan turned-on Windows computers (live scan) N Y Y Y
Scan turned-off Windows, Mac, Linux computers (boot scan) N Y Y Y
Scan multiple computers on-site with a single license dongle N Y N Y
Scan drive images (e01, dd) N Y Y Y
Scan connected and unlocked Android/iOS devices Y Pro Pro Pro
Scan Android/iOS ADF backups Y Pro Pro Pro
Scan NTFS, FAT, ExFAT, HFS+, APFS, EXT2/3/4, YAFFS2 file systems N Y Y Y
Scan devices connected to suspect computer N Y Y Y
Scan external devices (USB, CD, DVD, SD cards, etc.) from forensic/friendly computer N Y Y Y
RAM capture N Y Y Y
Recover hundreds of file types Y Y Y Y
Recover communication artifacts (emails, chats, contacts, etc) Y Y Y Y
Recover system artifacts (user accounts, wifi connections, USB history, installed apps, etc) Y Y Y Y
Recover application artifacts (peer-to-peer, anti-forensics, crypto-currency, etc) Y Y Y Y
Recover web browser artifacts (browsing history, bookmarks, search terms, etc) Y Y Y Y
Prompt for password for encrypted partitions (FileVault2 HFS/APFS, Bitlocker) N Y Y Y
Conduct live scans in Stealth mode N N Y N
Automatically start a boot or live scan N N Y N
         
Imaging Digital Devices        
Image suspect drives and storage devices N Y Y Y
Backup Android/iOS devices Y Pro Pro Pro
         
Analysis and Reporting        
Review evidence directly on suspect computer N Y Y Y
Comprehensive filtering of results Y Y Y Y
Analyze all files, artifacts, and users' activities in a single timeline Y Y Y Y
View links between files of interest and user’s activities Y Y Y Y
Tag and comment on relevant records to build report Y Y Y Y
Automatic visual classification of pictures and videos Y Y Y Y
Create comprehensive reports Y Y Y Y
Export reports to HTML, PDF, VICS, and CSV formats Y Y Y Y
Export reports to a standalone viewer executable Y Y Y Y
         
Other        
Extended license duration (limitations)