Digital Evidence Investigator

Computer Forensics for Lab Examiners and Investigators

Digital Evidence Investigator® (DEI) software is the #1 automated digital forensic tool for collecting files and artifacts - with evidence presented in a timeline view. 

Digital Evidence Investigator Software for Lab Examiners & Investigators

Intro to DEI

Digital Evidence Investigator® (DEI) software is the #1 automated digital forensic tool for collecting files and artifacts - with the evidence presented in a timeline view.

HubSpot Video
Digital Evidence Investigator® Forensic Kit

Digital Evidence Investigator

Fast Automated Computer Investigations for Field and Lab

Forensic Examiners and Investigators around the world rely on Digital Evidence Investigator® to investigate computers and devices in their forensic lab or on-scene. DEI prioritizes and collects files and artifacts fast with suspect, witness, or victim evidence presented in a timeline view.

Prioritize speed in evidence collection and use in the field or in lab investigations with minimal training.

  • Artifact collection are collected in parallel to accelerate their collection

  • Image live macOS computers via our remote agent and create an AFF4 logical image

  • Highly configurable file and artifact collection including web browser cached files, social media, P2P, Cryptocurrency, cloud storage, user login events, anti-forensic traces, saved credentials, files shared via Skype, USB history, user connection log, etc.

  • Recover deleted records from apps using the SQLite database

  • Supports collection of forensic artifacts from Windows and macOS (including T2 and M1 chips)

  • Search and collect emails including MS Outlook, Windows Mail, Windows Live Mail 10, Apple Mail

  • Investigate attached devices, live powered on computers, boot scans from powered off computers, forensic images, the contents of folders, and network shares (including shares made available by NAS devices)

  • Prepare a Collection Key without Search Profiles to select Captures just before a scan

  • Prepare a Collection Key with pre-configured or custom Search Profiles

  • Prepare a Collection Key: Protect the Collection Key with BitLocker (instead of the Search Profile option)

  • Enter keywords just before a live/boot scan

  • Rapidly search suspect media using large hash sets (>100 million), including Project VIC (VICS 2.0) and CAID

  • Find relevant files and artifacts using DEI’s powerful keyword and regular expression search capability

  • Image drives Out-of-the-box with image verification and imaging log file

  • Use password and recovery key to decrypt and scan or image BitLocker volumes including those using the new AES-XTS encryption algorithm introduced in Windows 10

  • Process APFS partitions, NTFS, FAT, HFS+, EXT, ExFAT, and YAFFS2 file systems, compute MD5 and SHA1 on collected files for integrity validation

  • Capture RAM to acquire volatile memory

  • Collect password protected and corrupted files for later review

  • Collect iOS backups on target computers

  • Detect and warn of BitLocker and FileVault2 protected drives

  • Leverage DEI’s powerful boot capability (including UEFI secure boot and Macs) to access internal storage that cannot easily be removed from computers

  • Scan Setup: define time range of data collection, define collection per app in a Search Profile, select Captures and apps before a live or boot scan and exclude folders from the scan

Use the single timeline view that combines files and artifact records with a user’s actions.

  • View results while a scan is running 

  • View chat conversations with bubbles to easily identify the senders and receivers with “Message Thread” hyperlink to select individual conversations

  • Filter search results with sorting and search capabilities (dates, hash values, tags, text filters, more)

  • View pictures and videos organized by visual classes such as people, faces, currency, weapons, vehicles, indecent pictures of children

  • View links between files of interest and user’s activities such as recently access files, downloaded files, attachments, and more

  • Inspect video using DEI’s comprehensive video preview and frame extraction

  • Automatically tag hash and keyword matches

  • Define new file types and select individual ones to be processed

  • Display provenance, including comprehensive metadata, of all relevant files and artifacts

  • Reorder or disable post-scan tasks (classification of pictures, videos, or entity extraction) to run in the Viewer

  • Leverage facial analysis age detection to quickly sort and identify infants, toddlers, children, and adults

  • ADD-ON: Rosoka Entity Extraction and Language Translation Gisting (230 languages) available

Digital Evidence Investigator software lets you create a standalone portable viewer for further analysis and reporting for prosecutors and other investigators.

  • Precisely select which files and artifacts to export
  • Customize your report to show specific columns and redact pictures
  • Present information in a table or list
  • Include original files or previews only
  • HTML and PDF reporting options
  • Export to other forensics applications with VICS / Project VIC (JSON) or CSV formats
  • Export to the Orchesight platform
  • Share scan results with a portable standalone viewer

The Digital Evidence Investigator Software Kit Includes:

  • One Portable Travel Case
  • One Licensed Digital Evidence Investigator® Software Authentication Key
  • One 500GB SSD Collection Drive
  • One 4 Port USB Hub
  • Software Maintenance and Support

Request a Quote

Recommended Technical Specs:

  • Windows 10 64-bit
  • Intel i7 CPU
  • 8GB Minimal, 16GB of RAM Recommended
  • 500GB PCIe NVMe SSD hard drive

Request a Quote

ADF Solutions digital forensic experts designed the Digital Evidence Investigator (DEI) Certified User training to equip both technical and non-technical investigators with the knowledge and skills they need to use DEI to immediately extract conclusive intelligence and evidence from computers and digital media. 

Course Length

16 Hours: Learners typically take approximately 16 hours to successfully complete the exercises and the final certification exam.

Course Outline

  • Introductions and getting started with Digital Evidence Investigator
  • Triage and field use cases
  • Preserving digital evidence and the boot process
  • Installation and preparing a collection key
  • Introduction to the DEI user interface
  • Using a collection key to extract digital evidence
  • Case Study 1: Child Exploitation - Quick Scan
  • Case Study 2: Child Exploitation - Targeted Folders
  • Case Study 3: Internet Scam
  • Case Study 4: Suspected Terrorism
  • File Identification
  • Case Study 5: Search Profile Lab
  • Advanced Concepts
  • Final Exam 

Cost

$995 Online Self-Paced Class (Buy Online Now)

In-Person for Your Team (Request a Quote)

"The quickness and user interface, as well as the ability to shape the triage and target certain types of investigations, have impressed everyone."

Computer Forensic Analyst

U.S. Federal Agency