Compare Digital Forensic Tools

All ADF software shares the same intelligent search engine and rapid scan capabilities. The key differences in our digital forensic products are in the form factor and the features focused on deployment and usage scenarios:

Police, Sheriff, Law Enforcement, School Resource Officers, IT Security and Digital First Responders - On-Scene, Field Investigations
Forensic Examiners - Police, Government or Corporate Lab Investigations and Priority Triage
Intel or Military Field Operatives - Force Protection and Field Intelligence Gathering

	Mobile Device Investigator ® (MDI) is designed to be operated by front line police, sheriffs, field agents, and digital forensic investigators to quickly and easily collect digital evidence from iOS and Android phones and tablets by connecting a suspect device via USB port to quickly collect evidence and perform a logical acquisition. PRO bundles: Mobile Device Investigator is bundled with ADF computer forensics software as part of the following Professional bundles: Digital Evidence Investigator PRO - license includes DEI and MDI capabilities Triage-Investigator PRO - license includes TINV and MDI capabilities Triage-G2 PRO - license includes TG2 and MDI capabilities
	Digital Evidence Investigator® has been designed to meet both forensic lab and field triage requirements. DEI is used by both forensic examiners and investigators who have training to run and configure the tool (advanced mode only). DEI also offers advanced search configurations, and separate authentication and collection keys which allows users to scan multiple computers simultaneously. DEI does not offer stealth mode during live scans or the ability to switch to basic user mode.
	Triage-Investigator® has been designed for field triage requirements. It is primarily used by investigators with limited digital forensic training in running the tool (basic mode only). This basic user mode allows for ease-of-use and limits user risk. Triage-Investigator also offers separate authentication and collection keys which allows users to scan multiple computers simultaneously, which can be particularly useful for on-scene investigations. Triage-Investigator does not offer stealth mode during live scans, advanced search configurations, or the ability to switch to advanced mode.
	Triage-G2® has been designed to meet military, intelligence and special forces media exploitation requirements. Triage-G2 is primarily used by operators who have training to both run the tool (basic mode) and with additional training, the option to configure the tool (advanced mode). Triage-G2 also offers a stealth mode for live scans, advanced search configurations, and an integrated authentication and collection key for optimized workflow. Triage-G2 is limited to scanning a single computer at one time.
	Rosoka capabilities are now standard in Triage-G2® and Triage-G2® PRO and can be purchased as the Rosoka Add-on for any of the other ADF digital forensic tools. Integrated with ADF, Rosoka performs Entity Extraction and Language Identification to provide an English gloss (gisting) for over 200 languages with built-in Natural Language Processing (NLP). There is no need to load separate dictionaries, or even know beforehand what language(s) are contained within your documents. The ADF Rosoka Add-on will not only tell you what languages are there, but we'll give you an English gloss to give you better insight for better decisions. See the Rosoka Add-on in Action: Identifies over 40 different entity types Simultaneous extraction in over 230+ different languages Powerful Gisting / Natural Language Processing (NLP) capabilities built-in

					MDI Field Tablet	DEI PRO Field Tablet
SETUP & CONFIGURATION
Define and package custom search criteria (Search Profiles)	Y	N	Y	Y	Y	Y
Create custom data Captures (keywords, SHA-1/MD-5 hash, grep search, file collection)	Y	N	Y	Y	Y	Y
Import VICS and CAID datasets for auto-categorization	Y	N	Y	Y	Y	Y
Customize file headers	Y	N	Y	Y	Y	Y
Configure folders and paths to scan	Y	N	Y	Y	Y	Y
Configure files to search properties (size, timestamps, etc.)	Y	N	Y	Y	Y	Y
Import Captures and Search Profiles	Y	Y	Y	Y	Y	Y
Export Captures and Search Profiles	Y	N	Y	Y	Y	Y
Out-of-the-box Search Profiles for "Media Exploitation"	N	N	Y	Y	Y	N
Out-of-the-box Search Profiles for "Law Enforcement" (including Indecent Images of Children Profiles for CSAM investigations)	Y	Y	N	Y	Y	Y
Use any USB drive as a Collection Key	Y	Y	N	N	N	Y
Use BitLocker to protect the Collection Key	Y	Y	Y	N	N	Y
Prepare a Collection Key without Search Profiles to select Captures just before a Scan	Y	N	Y	N	N	Y
Simple multi-workstation deployment with a single configuration file	Y	Y	Y	Y	Y	Y
Ready to use with no installation and no setup required	N	N	N	N	Y	Y
					MDI Field Tablet	DEI PRO Field Tablet
SEARCHING DIGITAL DEVICES & IMAGES
Instant previewing of mobile devices (no waiting for backups)	PRO	PRO	PRO	Y	Y	Y
Take screenshots of mobile devices with OCR capability	PRO	PRO	PRO	Y	Y	Y
Scan connected and unlocked Android/iOS devices	PRO	PRO	PRO	Y	Y	Y
Scan connected MTP devices (digital camera, legacy phones, etc)	PRO	PRO	PRO	Y	Y	Y
Scan Android/iOS ADF backups	PRO	PRO	PRO	Y	Y	Y
Scan iTunes backup found on target computer	PRO	PRO	PRO	N	N	Y
Take screenshots of connected Android/iOS devices	PRO	PRO	PRO	Y	Y	Y
Preview connected and unlocked Android/iOS devices	PRO	PRO	PRO	Y	Y	Y
RAM capture	Y	Y	Y	N	N	Y
Scan turned-on Windows computers (live scan Windows machines)	Y	Y	Y	N	N	Y
Scan turned-off Windows, Mac, Linux computers (boot scan)	Y	Y	Y	N	N	Y
Scan multiple computers on-site with a single license dongle	Y	Y	N	N	N	Y
Scan drive images (E01, DD, AFF4, L01)	Y	Y	Y	N	N	Y
Scan NTFS, FAT, ExFAT, HFS+, APFS, EXT2/3/4, YAFFS2 file systems	Y	Y	Y	N	N	Y
Scan devices connected to suspect computer	Y	Y	Y	N	N	Y
Scan external devices (USB, CD, DVD, SD cards, etc.) from forensic workstation / friendly computer	Y	Y	Y	N	N	Y
Enter keywords just before a live/boot scan	Y	Y	Y	N	N	Y
Recover hundreds of file types	Y	Y	Y	Y	Y	Y
Recover communication artifacts (emails, chats, contacts, etc)	Y	Y	Y	Y	Y	Y
Recover system artifacts (user accounts, WiFi connections, USB history, installed apps, etc)	Y	Y	Y	Y	Y	Y
Recover application artifacts (peer-to-peer, anti-forensics, cryptocurrency, etc)	Y	Y	Y	Y	Y	Y
Recover web browser artifacts (browsing history, bookmarks, search terms, etc)	Y	Y	Y	Y	Y	Y
Recover deleted pictures from unallocated space	Y	Y	Y	N	N	Y
Recover deleted pictures from system files	Y	Y	Y	N	N	Y
Recover deleted records from apps using the SQLite database	Y	Y	Y	Y	Y	Y
Prompt for password for encrypted partitions (FileVault2 HFS/APFS, Bitlocker)	Y	Y	Y	N	Y	Y
Ignore files from a whitelist (import from NSRL and VICS/CAID)	Y	Y	Y	Y	Y	Y
Conduct live scans in Stealth mode	N	N	Y	N	N	N
Automatically start a boot or live scan	N	N	Y	N	N	Y
Forensically Sound	Y	Y	Y	N	N	Y
					MDI Field Tablet	DEI PRO Field Tablet
IMAGING DIGITAL DEVICES
Image suspect drives and storage devices (EWF and DD)	Y	Y	Y	N	N	Y
Advanced logical acquisition of Android/iOS devices	PRO	PRO	PRO	Y	Y	Y
ANALYSIS & REPORTING
Review evidence directly on suspect computer	Y	Y	Y	N	N	Y
Comprehensive filtering and sorting of results	Y	Y	Y	Y	Y	Y
Hide duplicated files to reduce noise	Y	Y	Y	Y	Y	Y
Analyze all files, artifacts, and users' activities in a single timeline	Y	Y	Y	Y	Y	Y
View links between files of interest and user’s activities	Y	Y	Y	Y	Y	Y
View conversations in familiar color-coded "chat" bubbles	Y	Y	Y	Y	Y	Y
Tag and comment on relevant records to build report	Y	Y	Y	Y	Y	Y
Automatic visual classification of pictures and videos	Y	Y	Y	Y	Y	Y
Extract and translate entities from documents and communications	Rosoka Add-on	Rosoka Add-on	Y	Rosoka Add-on	Rosoka Add-on	Rosoka Add-on
Create comprehensive reports	Y	Y	Y	Y	Y	Y
Export reports to HTML, PDF, VICS, and CSV formats	Y	Y	Y	Y	Y	Y
Export reports to a standalone viewer executable	Y	Y	Y	Y	Y	Y

Compare Products

COMPARE DIGITAL FORENSIC TOOLS

COMPARE ADF DIGITAL FORENSIC SOFTWARE PRODUCTS

READY TO SCHEDULE A DEMO FOR YOUR TEAM?

Latest News

ADF Technology Partners