All ADF software shares the same intelligent search engine and rapid scan capabilities. The key differences in our digital forensic products are in the form factor and the features focused on deployment and usage scenarios. Users can select to deploy Mobile Forensics, Computer Forensics, or ADF PRO tools which combine all capabilities into a portable lab.
Digital Evidence Investigator® | Mobile Device Investigator® | |
---|---|---|
Instant previewing of mobile devices (no waiting for backups) |
PRO |
✔️ |
PRO |
✔️ |
|
Create Load File During Acquisition of Mobile Devices |
❌ |
✔️ |
Scan and Image Chrome OS Computer Devices |
✔️ |
❌ |
Screen Record Android/iOS mobile devices (up to Android 14 and iOS 16) with Preserved Audio |
PRO |
✔️ |
Screen Record ChromeOS mobile devices |
PRO |
❌ |
Scan connected and unlocked Android/iOS mobile devices (up to Android 14 and iOS 16) |
PRO |
✔️ |
Scan connected and unlocked ChromeOS mobile devices |
PRO |
❌ |
Scan connected MTP devices (digital camera, legacy phones, etc) |
PRO |
✔️ |
Scan Android/iOS ADF backups (up to Android 14 and iOS 16) |
PRO |
✔️ |
Scan ChromeOS ADF backups |
PRO |
❌ |
Scan iTunes backup found on the target computer |
PRO |
✔️ |
Scan full mobile device acquisitions and detect keychain/keystore files (Gray Key, UFED) |
PRO |
✔️ |
Take screenshots of connected Android/iOS mobile devices (up to Android 14 and iOS 16) |
PRO |
✔️ |
Take screenshots of connected ChromeOS devices |
PRO |
❌ |
Auto-scroll when taking screenshots of long pages on Android |
PRO |
✔️ |
Preview connected and unlocked Android/iOS/ChromeOS mobile devices (up to Android 14 and iOS 16) |
PRO |
✔️ |
RAM capture |
✔️ |
❌ |
Scan turned-on Windows computers (live scan Windows machines) |
✔️ |
❌ |
Scan turned-on Mac computers (live or recovery scan via the remote agent scan) |
✔️ |
❌ |
Scan turned-off Windows, Mac, Linux computers (boot scan) |
✔️ |
❌ |
Scan multiple computers on-site with a single license dongle |
✔️ |
❌ |
Scan drive images (E01, DD, AFF4, L01) |
✔️ |
❌ |
Scan NTFS, FAT, ExFAT, HFS+, APFS, EXT2/3/4, YAFFS2 file systems |
✔️ |
❌ |
Scan devices connected to suspect computer |
✔️ |
❌ |
Scan external devices (USB, CD, DVD, SD cards, etc.) from forensic workstation / friendly computer |
✔️ |
❌ |
Enter keywords just before a live/boot scan |
✔️ |
❌ |
Recover hundreds of file types |
✔️ |
✔️ |
Recover communication artifacts (emails, chats, contacts, etc) |
✔️ |
✔️ |
Recover system artifacts (user accounts, WiFi connections, USB history, installed apps, etc) |
✔️ |
✔️ |
Recover application artifacts (peer-to-peer, anti-forensics, cryptocurrency, etc) |
✔️ |
✔️ |
Recover web browser artifacts (browsing history, bookmarks, search terms, etc) |
✔️ |
✔️ |
Recover deleted pictures from unallocated space |
✔️ |
❌ |
Recover deleted pictures from system files |
✔️ |
❌ |
Recover deleted records from apps using the SQLite database |
✔️ |
✔️ |
Recover and process deleted partitions |
✔️ |
✔️ |
Prompt for password for encrypted partitions (FileVault2 HFS/APFS, Bitlocker) |
✔️ |
❌ |
Ignore files from a whitelist (import from NSRL and VICS/CAID) |
✔️ |
✔️ |
Conduct live scans in Stealth mode |
❌ |
❌ |
Automatically start a boot or live scan |
❌ |
❌ |
Forensically Sound |
✔️ |
✔️ |
Digital Evidence Investigator® | Mobile Device Investigator® | MDI Field Tablet | DEI PRO Field Tablet | |
---|---|---|---|---|
Image suspect drives and storage devices (EWF and DD) |
✔️ |
❌ |
❌ |
✔️ |
Image Mac computers from the remote agent (ZIP) |
✔️ |
❌ |
❌ |
✔️ |
Image live ARM CPU-based Window devices |
✔️ |
❌ |
❌ |
✔️ |
Advanced logical acquisition of Android/iOS devices |
PRO |
✔️ |
✔️ |
✔️ |
Advanced logical acquisition of ChromeOS devices |
✔️ |
❌ |
❌ |
✔️ |
Digital Evidence Investigator® | Mobile Device Investigator® | MDI Field Tablet | DEI PRO Field Tablet | |
---|---|---|---|---|
Review evidence directly on suspect computer |
✔️ |
❌ |
❌ |
✔️ |
Comprehensive filtering and sorting of results |
✔️ |
✔️ |
✔️ |
✔️ |
Hide duplicated files to reduce noise |
✔️ |
✔️ |
✔️ |
✔️ |
Analyze all files, artifacts, and users' activities in a single timeline |
✔️ |
✔️ |
✔️ |
✔️ |
View links between files of interest and user’s activities |
✔️ |
✔️ |
✔️ |
✔️ |
View conversations in familiar color-coded "chat" bubbles |
✔️ |
✔️ |
✔️ |
✔️ |
Tag and comment on relevant records to build report |
✔️ |
✔️ |
✔️ |
✔️ |
Automatic visual classification of pictures and videos |
✔️ |
✔️ |
✔️ |
✔️ |
Extract and translate entities from documents and communications |
Add-on |
Add-on |
Add-on |
Add-on |
Create comprehensive reports |
✔️ |
✔️ |
✔️ |
✔️ |
Export reports to HTML, PDF, VICS, and CSV formats |
✔️ |
✔️ |
✔️ |
✔️ |
Export reports to a standalone viewer executable |
✔️ |
✔️ |
✔️ |
✔️ |
Digital Evidence Investigator® | Mobile Device Investigator® | MDI Field Tablet | DEI PRO Field Tablet | |
---|---|---|---|---|
Define and package custom search criteria (Search Profiles) |
✔️ |
✔️ |
✔️ |
✔️ |
Create custom data Captures (keywords, SHA-1/MD-5 hash, grep search, file collection) |
✔️ |
✔️ |
✔️ |
✔️ |
✔️ |
✔️ |
✔️ |
✔️ |
|
Customize file headers |
✔️ |
✔️ |
✔️ |
✔️ |
Configure folders and paths to scan |
✔️ |
✔️ |
✔️ |
✔️ |
Configure files to search properties (size, timestamps, etc.) |
✔️ |
✔️ |
✔️ |
✔️ |
✔️ |
✔️ |
✔️ |
✔️ |
|
✔️ |
✔️ |
✔️ |
✔️ |
|
Out-of-the-box Search Profiles for "Media Exploitation" |
❌ |
✔️ |
✔️ |
❌ |
Out-of-the-box Search Profiles for "Law Enforcement" (including Indecent Images of Children Profiles for CSAM investigations) |
✔️ |
✔️ |
✔️ |
✔️ |
Use any USB drive as a Collection Key |
✔️ |
❌ |
❌ |
✔️ |
Use BitLocker to protect the Collection Key |
✔️ |
❌ |
❌ |
✔️ |
Prepare a Collection Key without Search Profiles to select Captures just before a Scan |
✔️ |
❌ |
❌ |
✔️ |
Simple multi-workstation deployment with a single configuration file |
✔️ |
✔️ |
✔️ |
✔️ |
Ready to use with no installation and no setup required |
❌ |
❌ |
✔️ |
✔️ |
Copyright 2024 | ADF ♥ Digital Forensics.