%20(1).png?width=200&name=FINAL%20New%20Datasheet%20(June%202022)%20(1).png)
All ADF software shares the same intelligent search engine and rapid scan capabilities. The key differences in our digital forensic products are in the form factor and the features focused on deployment and usage scenarios. Users can select to deploy Mobile Forensics, Computer Forensics, or All-in-One Forensics tools which combine all capabilities into a portable lab.
| Digital Evidence Investigator® | Triage-Investigator® | Triage-G2® | Mobile Device Investigator® | MDI Field Tablet | DEI PRO Field Tablet | |
|---|---|---|---|---|---|---|
|
Instant previewing of mobile devices (no waiting for backups) |
PRO |
PRO |
PRO |
Y |
Y |
Y |
|
PRO |
PRO |
PRO |
Y |
Y |
Y |
|
|
Screen Record Android/iOs devices- (up to Android 14 and iOS 16) with Preserved Audio |
PRO |
PRO |
PRO |
Y |
Y |
Y |
|
Scan connected and unlocked Android/iOS devices (up to Android 14 and iOS 16) |
PRO |
PRO |
PRO |
Y |
Y |
Y |
|
Scan connected MTP devices (digital camera, legacy phones, etc) |
PRO |
PRO |
PRO |
Y |
Y |
Y |
|
Scan Android/iOS ADF backups (up to Android 14 and iOS 16) |
PRO |
PRO |
PRO |
Y |
Y |
Y |
|
Scan iTunes backup found on target computer |
PRO |
PRO |
PRO |
N |
N |
Y |
| Scan full mobile device acquisitions and detect keychain/keystore files (GrayKey, UFED) |
PRO |
PRO |
PRO |
Y |
Y |
Y |
|
Take screenshots of connected Android/iOS devices (up to Android 14 and iOS 16) |
PRO |
PRO |
PRO |
Y |
Y |
Y |
|
Autoscroll when taking screenshots of long pages on Android |
PRO |
PRO |
PRO |
Y |
Y |
Y |
|
Preview connected and unlocked Android/iOS devices (up to Android 14 and iOS 16) |
PRO |
PRO |
PRO |
Y |
Y |
Y |
|
RAM capture |
Y |
Y |
Y |
N |
N |
Y |
|
Scan turned-on Windows computers (live scan Windows machines) |
Y |
Y |
Y |
N |
N |
Y |
|
Scan turned-on Mac computers (live or recovery scan via the remote agent scan) |
Y |
Y |
Y |
N |
N |
Y |
|
Scan turned-off Windows, Mac, Linux computers (boot scan) |
Y |
Y |
Y |
N |
N |
Y |
|
Scan multiple computers on-site with a single license dongle |
Y |
Y |
N |
N |
N |
Y |
|
Scan drive images (E01, DD, AFF4, L01) |
Y |
Y |
Y |
N |
N |
Y |
|
Scan NTFS, FAT, ExFAT, HFS+, APFS, EXT2/3/4, YAFFS2 file systems |
Y |
Y |
Y |
N |
N |
Y |
|
Scan devices connected to suspect computer |
Y |
Y |
Y |
N |
N |
Y |
|
Scan external devices (USB, CD, DVD, SD cards, etc.) from forensic workstation / friendly computer |
Y |
Y |
Y |
N |
N |
Y |
|
Enter keywords just before a live/boot scan |
Y |
Y |
Y |
N |
N |
Y |
|
Recover hundreds of file types |
Y |
Y |
Y |
Y |
Y |
Y |
|
Recover communication artifacts (emails, chats, contacts, etc) |
Y |
Y |
Y |
Y |
Y |
Y |
|
Recover system artifacts (user accounts, WiFi connections, USB history, installed apps, etc) |
Y |
Y |
Y |
Y |
Y |
Y |
|
Recover application artifacts (peer-to-peer, anti-forensics, cryptocurrency, etc) |
Y |
Y |
Y |
Y |
Y |
Y |
|
Recover web browser artifacts (browsing history, bookmarks, search terms, etc) |
Y |
Y |
Y |
Y |
Y |
Y |
|
Recover deleted pictures from unallocated space |
Y |
Y |
Y |
N |
N |
Y |
|
Recover deleted pictures from system files |
Y |
Y |
Y |
N |
N |
Y |
|
Recover deleted records from apps using the SQLite database |
Y |
Y |
Y |
Y |
Y |
Y |
| Recover and process deleted partitions |
Y |
Y |
Y |
Y |
Y |
Y |
|
Prompt for password for encrypted partitions (FileVault2 HFS/APFS, Bitlocker) |
Y |
Y |
Y |
N |
Y |
Y |
|
Ignore files from a whitelist (import from NSRL and VICS/CAID) |
Y |
Y |
Y |
Y |
Y |
Y |
|
Conduct live scans in Stealth mode |
N |
N |
Y |
N |
N |
N |
|
Automatically start a boot or live scan |
N |
N |
Y |
N |
N |
Y |
|
Forensically Sound |
Y |
Y |
Y |
Y |
Y |
Y |
| Digital Evidence Investigator® | Triage-Investigator® | Triage-G2® | Mobile Device Investigator® | MDI Field Tablet | DEI PRO Field Tablet | |
|---|---|---|---|---|---|---|
|
Image suspect drives and storage devices (EWF and DD) |
Y |
Y |
Y |
N |
N |
Y |
|
Image Mac computers from the remote agent (ZIP) |
Y |
Y |
Y |
N |
N |
Y |
|
Advanced logical acquisition of Android/iOS devices |
PRO |
PRO |
PRO |
Y |
Y |
Y |
| Digital Evidence Investigator® | Triage-Investigator® | Triage-G2® | Mobile Device Investigator® | MDI Field Tablet | DEI PRO Field Tablet | |
|---|---|---|---|---|---|---|
|
Review evidence directly on suspect computer |
Y |
Y |
Y |
N |
N |
Y |
|
Comprehensive filtering and sorting of results |
Y |
Y |
Y |
Y |
Y |
Y |
|
Hide duplicated files to reduce noise |
Y |
Y |
Y |
Y |
Y |
Y |
|
Analyze all files, artifacts, and users' activities in a single timeline |
Y |
Y |
Y |
Y |
Y |
Y |
|
View links between files of interest and user’s activities |
Y |
Y |
Y |
Y |
Y |
Y |
|
View conversations in familiar color-coded "chat" bubbles |
Y |
Y |
Y |
Y |
Y |
Y |
|
Tag and comment on relevant records to build report |
Y |
Y |
Y |
Y |
Y |
Y |
|
Automatic visual classification of pictures and videos |
Y |
Y |
Y |
Y |
Y |
Y |
|
Extract and translate entities from documents and communications |
Rosoka Add-on |
Rosoka Add-on |
Y |
Rosoka Add-on |
Rosoka Add-on |
Rosoka Add-on |
|
Create comprehensive reports |
Y |
Y |
Y |
Y |
Y |
Y |
|
Export reports to HTML, PDF, VICS, and CSV formats |
Y |
Y |
Y |
Y |
Y |
Y |
|
Export reports to a standalone viewer executable |
Y |
Y |
Y |
Y |
Y |
Y |
| Digital Evidence Investigator® | Triage-Investigator® | Triage-G2® | Mobile Device Investigator® | MDI Field Tablet | DEI PRO Field Tablet | |
|---|---|---|---|---|---|---|
|
Define and package custom search criteria (Search Profiles) |
Y |
N |
Y |
Y |
Y |
Y |
|
Create custom data Captures (keywords, SHA-1/MD-5 hash, grep search, file collection) |
Y |
N |
Y |
Y |
Y |
Y |
|
Y |
N |
Y |
Y |
Y |
Y |
|
|
Customize file headers |
Y |
N |
Y |
Y |
Y |
Y |
|
Configure folders and paths to scan |
Y |
N |
Y |
Y |
Y |
Y |
|
Configure files to search properties (size, timestamps, etc.) |
Y |
N |
Y |
Y |
Y |
Y |
|
Y |
Y |
Y |
Y |
Y |
Y |
|
|
Y |
N |
Y |
Y |
Y |
Y |
|
|
Out-of-the-box Search Profiles for "Media Exploitation" |
N |
N |
Y |
Y |
Y |
N |
|
Out-of-the-box Search Profiles for "Law Enforcement" (including Indecent Images of Children Profiles for CSAM investigations) |
Y |
Y |
N |
Y |
Y |
Y |
|
Use any USB drive as a Collection Key |
Y |
Y |
N |
N |
N |
Y |
|
Use BitLocker to protect the Collection Key |
Y |
Y |
Y |
N |
N |
Y |
|
Prepare a Collection Key without Search Profiles to select Captures just before a Scan |
Y |
N |
Y |
N |
N |
Y |
|
Simple multi-workstation deployment with a single configuration file |
Y |
Y |
Y |
Y |
Y |
Y |
|
Ready to use with no installation and no setup required |
N |
N |
N |
N |
Y |
Y |
"ADF’s proven track record of reducing forensic backlogs. Now you can conduct digital investigations in the lab, or on-scene easier, faster and smarter. DEI makes it easy to quickly identify incriminating files and artifacts."
Leah Lawrence
Corporate Security Manager | USACorp
Copyright 2023 | ADF ♥ Digital Forensics.
