Digital Evidence Investigator

Computer Forensics for Lab Examiners and Investigators

Digital Evidence Investigator® (DEI) software is the #1 automated digital forensic tool for collecting files and artifacts - with evidence presented in a timeline view. 

Request a Free Trial
Digital Evidence Investigator Software for Lab Examiners & Investigators

Intro to DEI

Digital Evidence Investigator® (DEI) software is the #1 automated digital forensic tool for collecting files and artifacts - with the evidence presented in a timeline view.

HubSpot Video
Digital Evidence Investigator® Forensic Kit

Digital Evidence Investigator

Fast Automated Computer Investigations for Field and Lab

Forensic Examiners and Investigators around the world rely on Digital Evidence Investigator® to investigate computers and devices in their forensic lab or on-scene. DEI prioritizes and collects files and artifacts fast with suspect, witness, or victim evidence presented in a timeline view.

Buy now

Prioritize speed in evidence collection and use in the field or in lab investigations with minimal training.

  • Artifact collection are collected in parallel to accelerate their collection
  • Image live macOS computers via our remote agent and create an AFF4 logical image
  • Highly configurable file and artifact collection including web browser cached files, social media, P2P, Cryptocurrency, cloud storage, user login events, anti-forensic traces, saved credentials, files shared via Skype, USB history, user connection log, etc.
  • Recover deleted records from apps using the SQLite database
  • Supports collection of forensic artifacts from Windows and macOS (including T2 and M1 chips)
  • Search and collect emails including MS Outlook, Windows Mail, Windows Live Mail 10, Apple Mail
  • Investigate attached devices, live powered on computers, boot scans from powered off computers, forensic images, the contents of folders, and network shares (including shares made available by NAS devices)
  • Prepare a Collection Key without Search Profiles to select Captures just before a scan
  • Prepare a Collection Key with pre-configured or custom Search Profiles
  • Prepare a Collection Key: Protect the Collection Key with BitLocker (instead of the Search Profile option)
  • Prepare a Collection Key: the ability to borrow license tokens for collection keys
  • Scan & Image: discover remote Mac OS agents automatically
  • Scan Setup: deploy user-created Captures to the Collection Key when not using Search Profiles
  • Scan Setup: direct access to the new Capture screen
  • Image: create new log files for logical images
  • Scan: process logical images from the new data container
  • Image: use new and simplified data container to store Mac logical images (no more experimental AFF4-L)
  • Enter keywords just before a live/boot scan
  • Rapidly search suspect media using large hash sets (>100 million), including Project VIC (VICS 2.0) and CAID
  • Find relevant files and artifacts using DEI’s powerful keyword and regular expression search capability
  • Image drives Out-of-the-box with image verification and imaging log file
  • Use password and recovery key to decrypt and scan or image BitLocker volumes including those using the new AES-XTS encryption algorithm introduced in Windows 10
  • Process APFS partitions, NTFS, FAT, HFS+, EXT, ExFAT, and YAFFS2 file systems, compute MD5 and SHA1 on collected files for integrity validation
  • Capture RAM to acquire volatile memory
  • Collect password-protected and corrupted files for later review
  • Collect iOS backups on target computers
  • Detect and warn of BitLocker and FileVault2-protected drives
  • Leverage DEI’s powerful boot capability (including UEFI secure boot and Macs) to access internal storage that cannot easily be removed from computers
  • Scan Setup: define time range of data collection, define collection per app in a Search Profile, select Captures and apps before a live or boot scan and exclude folders from the scan

Use the single timeline view that combines files and artifact records with a user’s actions.

  • View results while a scan is running 
  • View chat conversations with bubbles to easily identify the senders and receivers with “Message Thread” hyperlink to select individual conversations
  • Filter search results with sorting and search capabilities (dates, hash values, tags, text filters, more)
  • Search scan results using keywords, with results categorized by record type
  • View pictures and videos organized by visual classes such as people, faces, currency, weapons, vehicles, indecent pictures of children
  • View links between files of interest and user’s activities such as recently access files, downloaded files, attachments, and more
  • View highlighted encrypted files in the scan summary
  • Viewer: the ability to redact previews when exporting a report
  • Viewer: undock Frames panel tab
  • Inspect video using DEI’s comprehensive video preview and frame extraction
  • Automatically tag hash and keyword matches
  • Define new file types and select individual ones to be processed
  • Display provenance, including comprehensive metadata, of all relevant files and artifacts
  • Reorder or disable post-scan tasks (classification of pictures, videos, or entity extraction) to run in the Viewer
  • Leverage facial analysis age detection to quickly sort and identify infants, toddlers, children, and adults
  • ADD-ON: Rosoka Entity Extraction and Language Translation Gisting (230 languages) available

Digital Evidence Investigator software lets you create a standalone portable viewer for further analysis and reporting for prosecutors and other investigators.

  • Precisely select which files and artifacts to export
  • Customize your report to show specific columns and redact pictures
  • Present information in a table or list
  • Include original files or previews only
  • HTML and PDF reporting options
  • Export to other forensics applications with VICS / Project VIC (JSON) or CSV formats
  • Export to the Orchesight platform
  • Share scan results with a portable standalone viewer

The Digital Evidence Investigator Software Kit Includes:

  • One Portable Travel Case
  • One Licensed Digital Evidence Investigator® Software Authentication Key
  • One 500GB SSD Collection Drive
  • One 4 Port USB Hub
  • One USB-A to USB-C adapter
  • One Adapter USB-C to Ethernet and 3 USB-A
  • One Ethernet Cable
  • One Cable USB-A to USB-C
  • One Cable USB-C to USB-C
  • Software Maintenance and Support

Request a Quote

Recommended Technical Specs:

  • Windows 10 64-bit
  • Intel i7 CPU
  • 8GB Minimal, 16GB of RAM Recommended
  • 500GB PCIe NVMe SSD hard drive

Request a Quote

ADF Solutions digital forensic experts designed the Digital Evidence Investigator (DEI) Certified User training to equip both technical and non-technical investigators with the knowledge and skills they need to use DEI to immediately extract conclusive intelligence and evidence from computers and digital media. 

Course Length

16 Hours: Learners typically take approximately 16 hours to successfully complete the exercises and the final certification exam.

Course Outline

  • Introductions and getting started with Digital Evidence Investigator
  • Triage and field use cases
  • Preserving digital evidence and the boot process
  • Installation and preparing a collection key
  • Introduction to the DEI user interface
  • Using a collection key to extract digital evidence
  • Case Study 1: Child Exploitation - Quick Scan
  • Case Study 2: Child Exploitation - Targeted Folders
  • Case Study 3: Internet Scam
  • Case Study 4: Suspected Terrorism
  • File Identification
  • Case Study 5: Search Profile Lab
  • Advanced Concepts
  • Final Exam 

Cost

$995 Online Self-Paced Class (Buy Online Now)

In-Person for Your Team (Request a Quote)
"The quickness and user interface, as well as the ability to shape the triage and target certain types of investigations, have impressed everyone."

Computer Forensic Analyst

U.S. Federal Agency