Digital Evidence Investigator: #1 Digital Forensic Tool for Evidence Collection on Windows & MacOS

Digital Evidence Investigator

Fast Automated Computer Investigations for Field and Lab

Forensic Examiners and Investigators around the world rely on Digital Evidence Investigator^® to investigate computers and devices in their forensic lab or on-scene. DEI prioritizes and collects files and artifacts fast with suspect, witness, or victim evidence presented in a timeline view.

Buy now

Prioritize speed in evidence collection and use in the field or in lab investigations with minimal training.

Image live macOS computers via our remote agent and create an AFF4 logical image
Highly configurable file and artifact collection including web browser cached files, social media, P2P, Cryptocurrency, cloud storage, user login events, anti-forensic traces, saved credentials, files shared via Skype, USB history, user connection log, etc.
Recover deleted records from apps using the SQLite database
Supports collection of forensic artifacts from Windows and macOS (including T2 and M1 chips)
Search and collect emails including MS Outlook, Windows Mail, Windows Live Mail 10, Apple Mail
Investigate attached devices, live powered on computers, boot scans from powered off computers, forensic images, the contents of folders, and network shares (including shares made available by NAS devices)
Prepare a Collection Key without Search Profiles to select Captures just before a scan
Prepare a Collection Key with pre-configured or custom Search Profiles
Enter keywords just before a live/boot scan
Rapidly search suspect media using large hash sets (>100 million), including Project VIC (VICS 2.0) and CAID
Find relevant files and artifacts using DEI’s powerful keyword and regular expression search capability
Image drives Out-of-the-box with image verification and imaging log file
Use password and recovery key to decrypt and scan or image BitLocker volumes including those using the new AES-XTS encryption algorithm introduced in Windows 10
Process APFS partitions, NTFS, FAT, HFS+, EXT, ExFAT, and YAFFS2 file systems, compute MD5 and SHA1 on collected files for integrity validation
Capture RAM to acquire volatile memory
Collect password protected and corrupted files for later review
Collect iOS backups on target computers
Detect and warn of BitLocker and FileVault2 protected drives
Leverage DEI’s powerful boot capability (including UEFI secure boot and Macs) to access internal storage that cannot easily be removed from computers

Use the single timeline view that combines files and artifact records with a user’s actions.

View results while a scan is running
View chat conversations with bubbles to easily identify the senders and receivers with “Message Thread” hyperlink to select individual conversations
Filter search results with sorting and search capabilities (dates, hash values, tags, text filters, more)
View pictures and videos organized by visual classes such as people, faces, currency, weapons, vehicles, indecent pictures of children
View links between files of interest and user’s activities such as recently access files, downloaded files, attachments, and more
Inspect video using DEI’s comprehensive video preview and frame extraction
Automatically tag hash and keyword matches
Define new file types and select individual ones to be processed
Display provenance, including comprehensive metadata, of all relevant files and artifacts
Reorder or disable post-scan tasks (classification of pictures, videos, or entity extraction) to run in the Viewer
Leverage facial analysis age detection to quickly sort and identify infants, toddlers, children, and adults
ADD-ON: Rosoka Entity Extraction and Language Translation Gisting (230 languages) available

Digital Evidence Investigator^Ⓡsoftware lets you create a standalone portable viewer for further analysis and reporting for prosecutors and other investigators.

Precisely select which files and artifacts to export
Customize your report to show specific columns and redact pictures
Present information in a table or list
Include original files or previews only
HTML and PDF reporting options
Export to other forensics applications with VICS / Project VIC (JSON) or CSV formats
Export to the Orchesight platform
Share scan results with a portable standalone viewer

The Digital Evidence Investigator Software Kit Includes:

One Portable Travel Case
One Licensed Digital Evidence Investigator^® Software Authentication Key
One 500GB SSD Collection Drive
One 4 Port USB Hub
Software Maintenance and Support

Request a Quote

Recommended Technical Specs:

Windows 10 64-bit
Intel i7 CPU
8GB Minimal, 16GB of RAM Recommended
500GB PCIe NVMe SSD hard drive

Request a Quote

ADF Solutions digital forensic experts designed the Digital Evidence Investigator (DEI) Certified User training to equip both technical and non-technical investigators with the knowledge and skills they need to use DEI to immediately extract conclusive intelligence and evidence from computers and digital media.

Course Length

16 Hours: Learners typically take approximately 16 hours to successfully complete the exercises and the final certification exam.

Course Outline

Introductions and getting started with Digital Evidence Investigator
Triage and field use cases
Preserving digital evidence and the boot process
Installation and preparing a collection key
Introduction to the DEI user interface
Using a collection key to extract digital evidence
Case Study 1: Child Exploitation - Quick Scan
Case Study 2: Child Exploitation - Targeted Folders
Case Study 3: Internet Scam
Case Study 4: Suspected Terrorism
File Identification
Case Study 5: Search Profile Lab
Advanced Concepts
Final Exam

Cost

$995 Online Self-Paced Class (Buy Online Now)

In-Person for Your Team (Request a Quote)

Digital Evidence Investigator