ADF Evaluation Instructions for Digital Evidence Investigator®, Triage-Investigator®, Triage-G2®

Thank you for your interest in evaluating ADF. For your convenience, the ADF Software Evaluation Kit comes with one 8GB Evaluation Key (USB). This Evaluation Key serves both as a license key and as a device to launch a scan of a stand-alone computer and store collected data.

Please note, you can also use a larger drive as a collection drive (see the Create Your Own Collection Drive section below).


System Requirements

Minimum system requirements by operating system:

  • Windows 7 32/64-bit: 2GB of RAM, 20 GB of free hard drive space
  • Windows 8.1 32/64-bit: 4GB of RAM, 20 GB of free hard drive space
  • Windows 10 32/64-bit: 4GB of RAM, 20 GB of free hard drive space


Getting Started

  • You must be connected to the Internet to fully install the software.
  • Insert the Evaluation Key into your computer and execute the installer ending with “-xxxxxx.msi”.
  • Follow the installation wizard instructions.
  • During the installation, you will be prompted to install the Windows ADK 10, which is required for scanning powered-off computers.
  • The Evaluation Key must be prepared before you use the software. To set up the Evaluation Key, simply start the application and follow the on-screen instructions.
  • If you encounter errors during the installation, please refer to the Troubleshooting section.

IMPORTANT: Register your License for Software Updates

YOU ARE NOW READY TO USE THE ADF SOFTWARE

Scanning stand-alone computers

  • Both powered off and live computers

Scanning other media and devices

  • including drive images, hard drives, folders, and other external devices

Scanning a Computer

If you are going to scan a computer (powered-on or powered-off), you will need to prepare the USB key for data collection.

Select the Search Profile(s) you would like to have available for the scan and then click Prepare.

Remove the USB key when prompted. You are now ready to scan a computer.

For detailed instructions on scanning a powered-off computer (Boot Scan), please refer to the relevant User Guide for your evaluation software (links below).

To scan a powered-on computer:

  • Insert the prepared USB Key into the target computer
  • Execute the Start.bat file stored on the USB key
  • Select your target device
  • Select your desired Search Profile
  • Enter your Scan Information
  • Click on the Scan button
  • Once the scan has completed, you will be prompted to review the results

Comprehensive instructions on all phases of a scan (data collection, analysis and reporting) can be found in the relevant product User Guide.

View User Guides

Scanning a Digital Device

Connect your target digital device (USB, removed hard drive, etc.) to your computer (forensic workstation) using a write blocker. (If you are going to scan a drive image stored on your computer or network drive, you can ignore this step.)

Start your ADF software by double-clicking on the appropriate desktop icon.

Once the software is running, select your target device(s).

  • Physical Drives are denoted by a hard disk icon
  • Logical volumes are listed beneath the physical drive entry
  • Attached devices are denoted by a flash drive icon
  • BitLocker / FileVault 2 volumes are flagged (volume will be disabled if not decrypted)
  • Specific targeted folders are denoted by a folder icon
  • Image files (E01 or .dd) are denoted by an image icon

Select your Search Profile.

Click on the Scan button.

Once the scan is completed you will be prompted to review the results.

Comprehensive instructions on all phases of a scan (data collection, analysis and reporting) can be found in the relevant product User Guide.

View User Guides

OPTIONAL: Creating a Boot CD for Scanning Older Computers

  • The Evaluation Key can scan powered-off computers if the computer BIOS is set up for a USB boot. However, the BIOS on some older computers may only allow a CD/DVD boot option. You will need to create an ADF Boot CD for this. (Note: The full ADF Kit includes this Boot CD.)
  • To create your own bootable CD, download the most recent plpbt-5.0.X.zip, extract the plpbt.iso, then right-click it and select "Burn disc image" to burn this image to your CD.

OPTIONAL: Create Your Own Collection Drive

If you need to collect more than 8GB of data (the size of the Evaluation Key) during your scan, you can create your own collection drive. There is no limit on the size of the USB device that you use; however, ADF recommends using a high-speed USB 3 SSD device for optimum performance. ADF has tested and includes a Samsung T3 250 GB SSD or a Corsair GTX 256 GB SSD in the full, purchased Kits.

Please note that using a USB device that does not meet these specifications will affect the performance and speed of the scan.

To create your own collection key:

  • Insert your Evaluation Key into your forensic workstation
  • Insert the USB device you want to use as a collection key
  • From the main menu select “Prepare Collection Key”
  • From the USB options shown, select your desired USB device
  • To complete the preparation, follow the on-screen prompts

Evaluation vs. Full License

The ADF Evaluation Software Kit has a trial expiration period but is not feature restricted. There are, however, two hardware-related restrictions with regard to scanning stand-alone computers.

Limited 8GB Storage Capacity of Evaluation Key

  • The full ADF Kit comes standard with a 250 GB high-speed SSD device to launch a scan of a stand-alone computer and store collected data. Alternatively, you can use other generic high-capacity devices (e.g. 1TB, 2TB, etc.). Note: This limitation only applies to scanning stand-alone computers.

Scanning Multiple Computers

  • The Evaluation Key is both a license key and a scan/storage device; consequently, it can scan only one stand-alone computer at a time. The full ADF Kit comes with a dedicated license key, which allows you to scan multiple stand-alone computers simultaneously. If you would like to scan multiple computers, please see the Create Your Own Collection Drive section to create multiple collection keys.

Resources

Troubleshooting

License file not found

  • When the ADF software starts for the first time, it backs up the license file from your Evaluation Key to your hard drive. If the license file is not found, make sure the Evaluation Key is properly plugged in and visible under My Computer, then click the Retry button.

I cannot find the ADF executable on the Evaluation Key

  • The installer program file will be removed from the Evaluation Key after you prepare the key for the first time. If you need the ADF executable, please contact ADF support.

 
