COMPARE DIGITAL FORENSIC TOOLS

All ADF software shares the same intelligent search engine and rapid scan capabilities.  The key differences in our digital forensic products are in the form factor and the features focused on deployment and usage scenarios: 

  • Police, Sheriff, Law Enforcement, School Resource Officers, IT Security and Digital First Responders - On-Scene, Field Investigations
  • Forensic Examiners - Police, Government or Corporate Lab Investigations and Priority Triage
  • Intel or Military Field Operatives - Force Protection and Field Intelligence Gathering
ADF Mobile Device Investigator MDI logo x600 72dpi

Mobile Device Investigator® (MDI) is designed to be operated by front line police, sheriffs, field agents, and digital forensic investigators to quickly and easily collect digital evidence from iOS and Android phones and tablets by connecting a suspect device via USB port to quickly collect evidence and perform a logical acquisition. 

PRO bundles: Mobile Device Investigator is bundled with ADF computer forensics software as part of the following Professional bundles:
Digital Evidence Investigator (DEI) logo Digital Evidence Investigator® has been designed to meet both forensic lab and field triage requirements. DEI is used by both forensic examiners and investigators who have training to run and configure the tool (advanced mode only). DEI also offers advanced search configurations, and separate authentication and collection keys which allows users to scan multiple computers simultaneously. DEI does not offer stealth mode during live scans or the ability to switch to basic user mode.
Triage-Investigator (TINV) logo Triage-Investigator® has been designed for field triage requirements. It is primarily used by investigators with limited digital forensic training in running the tool (basic mode only). This basic user mode allows for ease-of-use and limits user risk. Triage-Investigator also offers separate authentication and collection keys which allows users to scan multiple computers simultaneously, which can be particularly useful for on-scene investigations. Triage-Investigator does not offer stealth mode during live scans, advanced search configurations, or the ability to switch to advanced mode.
Triage-G2 (TG2) logo

 

Triage-G2® has been designed to meet military, intelligence and special forces media exploitation requirements. Triage-G2 is primarily used by operators who have training to both run the tool (basic mode) and with additional training, the option to configure the tool (advanced mode). Triage-G2 also offers a stealth mode for live scans, advanced search configurations, and an integrated authentication and collection key for optimized workflow. Triage-G2 is limited to scanning a single computer at one time.
Introducing Rosoka within ADF Solutions Digital Forensic Software

Rosoka capabilities are now standard in Triage-G2® and Triage-G2® PRO and can be purchased as the Rosoka Add-on for any of the other ADF digital forensic tools. 

Integrated with ADF, Rosoka  performs Entity Extraction and Language Identification to provide an English gloss (gisting) for over 200 languages with built-in Natural Language Processing (NLP). There is no need to load separate dictionaries, or even know beforehand what language(s) are contained within your documents.  The ADF Rosoka Add-on will not only tell you what languages are there, but we'll give you an English gloss to give you better insight for better decisions.

The Rosoka Add-on: 

  • Identifies over 40 different entity types
  • Simultaneous extraction in over 230+ different languages 
  • Powerful Gisting / Natural Language Processing (NLP) capabilities built-in 

Rosoka Add-on upgrade 230 languages for natural language processing

 

COMPARE ADF DIGITAL FORENSIC SOFTWARE PRODUCTS
  ADF DEI logo - small ADF TINV logo - small ADF TG2 logo - small ADF MDI logo - small MDI Field Tablet DEI PRO Field Tablet
SETUP & CONFIGURATION            
Define and package custom search criteria (Search Profiles) Y N Y Y Y Y
Create custom data Captures (keywords, SHA-1/MD-5 hash, grep search, file collection) Y N Y Y Y Y
Import VICS and CAID datasets for auto-categorization Y N Y Y Y Y
Customize file headers Y N Y Y Y Y
Configure folders and paths to scan Y N Y Y Y Y
Configure files to search properties (size, timestamps, etc.) Y N Y Y Y Y
Import Captures and Search Profiles Y Y Y Y Y Y
Export Captures and Search Profiles Y N Y Y Y Y
Out-of-the-box Search Profiles for "Media Exploitation" N N Y Y Y N
Out-of-the-box Search Profiles for "Law Enforcement" (including Indecent Images) Y Y N Y Y Y
Use any USB drive as a Collection Key Y Y N N N Y
Use BitLocker to protect the Collection Key Y Y Y N N Y
Prepare a Collection Key without Search Profiles to select Captures just before a Scan Y N Y N N Y
Simple multi-workstation deployment with a single configuration file Y Y Y Y Y Y
Ready to use with no installation and no setup required N N N N Y Y
  ADF DEI logo - small ADF TINV logo - small ADF TG2 logo - small ADF MDI logo - small MDI Field Tablet DEI PRO Field Tablet
SEARCHING DIGITAL DEVICES & IMAGES            
Scan connected and unlocked Android/iOS devices Pro Pro Pro Y Y Y
Scan Android/iOS ADF backups Pro Pro Pro Y Y Y
Scan iTunes backup found on target computer Pro Pro Pro N N Y
RAM capture Y Y Y N N Y
Scan turned-on Windows computers (live scan) Y Y Y N N Y
Scan turned-off Windows, Mac, Linux computers (boot scan) Y Y Y N N Y
Scan multiple computers on-site with a single license dongle Y Y N N N Y
Scan drive images (e01, dd) Y Y Y N N Y
Scan NTFS, FAT, ExFAT, HFS+, APFS, EXT2/3/4, YAFFS2 file systems Y Y Y N N Y
Scan devices connected to suspect computer Y Y Y N N Y
Scan external devices (USB, CD, DVD, SD cards, etc.) from forensic/friendly computer Y Y Y N N Y
Recover hundreds of file types Y Y Y Y Y Y
Recover communication artifacts (emails, chats, contacts, etc) Y Y Y Y Y Y
Recover system artifacts (user accounts, WiFi connections, USB history, installed apps, etc) Y Y Y Y Y Y
Recover application artifacts (peer-to-peer, anti-forensics, crypto-currency, etc) Y Y Y Y Y Y
Recover web browser artifacts (browsing history, bookmarks, search terms, etc) Y Y Y Y Y Y
Prompt for password for encrypted partitions (FileVault2 HFS/APFS, Bitlocker) Y Y Y N Y Y
Ignore files from a whitelist (import from NSRL and VICS/CAID) Y Y Y Y Y Y
Conduct live scans in Stealth mode N N Y N N N
Automatically start a boot or live scan N N Y N N Y
  ADF DEI logo - small ADF TINV logo - small ADF TG2 logo - small ADF MDI logo - small MDI Field Tablet DEI PRO Field Tablet
IMAGING DIGITAL DEVICES            
Image suspect drives and storage devices (EWF and DD) Y Y Y N N Y
Backup Android/iOS devices Pro Pro Pro Y Y Y
ANALYSIS & REPORTING            
Review evidence directly on suspect computer Y Y Y N N Y
Comprehensive filtering and sorting of results Y Y Y Y Y Y
Hide duplicated files to reduce noise Y Y Y Y Y Y
Analyze all files, artifacts, and users' activities in a single timeline Y Y Y Y Y Y
View links between files of interest and user’s activities Y Y Y Y Y Y
Tag and comment on relevant records to build report Y Y Y Y Y Y
Automatic visual classification of pictures and videos Y Y Y Y Y Y
Extract and translate entities from documents and communications (BETA) Rosoka
Add-on		 Rosoka
Add-on		 Y Rosoka
Add-on		 Rosoka
Add-on		 Rosoka
Add-on
Create comprehensive reports Y Y Y Y Y Y
Export reports to HTML, PDF, VICS, and CSV formats Y Y Y Y Y Y
Export reports to a standalone viewer executable Y Y Y Y Y Y