All ADF forensic tools share the same search and scan engine. The differences are aimed at 1) usage scenarios – specifically military operations, forensic lab examination, and field investigations, and 2) user risk management.
Digital Evidence Investigator® (DEI) has been designed to meet both forensic lab and field triage requirements. DEI is used by both forensic examiners and investigators who have training to run and configure the tool (advanced mode only). DEI also offers advanced search configurations, and separate authentication and collection keys which allows users to scan multiple computers simultaneously. DEI does not offer stealth mode during live scans or the ability to switch to basic user mode.
Triage-G2® has been designed to meet military, intelligence and special forces media exploitation requirements. Triage-G2 is primarily used by operators who have training to both run the tool (basic mode) and with additional training, the option to configure the tool (advanced mode). Triage-G2 also offers a stealth mode for live scans, advanced search configurations, and an integrated authentication and collection key for optimized workflow. Triage-G2 is limited to scanning a single computer at one time.
Triage-Investigator® has been designed for field triage requirements. It is primarily used by investigators with limited digital forensic training in running the tool (basic mode only). This basic user mode allows for ease-of-use and limits user risk. Triage-Investigator also offers separate authentication and collection keys which allows users to scan multiple computers simultaneously, which can be particularly useful for on-scene investigations. Triage-Investigator does not offer stealth mode during live scans, advanced search configurations, or the ability to switch to advanced mode.
