Back to News

How to Create a Keyword Capture

Posted by Richard T. Frawley on March 1, 2019
Richard T. Frawley
Find me on:

Creating a Keyword Capture for ADF Search Profile

Whether you are preparing to go on-scene or you are in your digital forensic lab getting ready to perform triage or one or more digital forensic scans, this video tutorial will show you how you can easily create a keyword capture and add keywords to a Search Profile.  We begin from when you have started to create a Custom Search Profile and want to add your own unique keywords.

ADF software lets investigators and examiners search for files by keyword(s) using substrings or regular expressions.  ADF software allows you to search for keywords in all file and folder names, file content and metadata, and artifact records from other captures.

Combining all three search scopes will give you a unique view into the keyword results during analysis. Take for example a keyword specific to Cryptocurrency, this will allow you to quickly see whether cryptocurrency was researched, downloaded, installed, or used.

This together with installed applications and application usage will round out the overall picture, and hopefully narrow it down to a specific program. If you search for filenames and folder names with specific cryptocurrency keywords, you can nail down locations, crypto wallets, logs, and possibly passphrases which are very important to cryptocurrency programs and security.

Example 1: Take an example of Armory which requires a suspect to save the root key of their wallet. If you locate this document you now have access to the wallet. A simply crafted keyword search will give you the necessary information to continue with your investigation.

Example 2: Another example is when searching for a unique name, such as an accomplice or victim, the keyword results will be presented to you so that you can instantly tell whether the suspect and victim have been communicating, have a directory named for them, or have been researched in web browser captures.

ADF Keyword searches can be tailored to fit your specific investigative needs and will be presented in an easy to understand format. This along with linking files to referenced files will assist you making rapid decisions on scene or in the lab.

Try ADF for 30 Days Free

Topics: Search Profiles, Digital Evidence Investigator, Triage-G2, Triage-Investigator, Custom Search Profiles, How To Video

Get Triage & Digital Forensic News (once a month)

Posts by Tag

See all

Recent Posts

CustomButton
  • READY TO ACCELERATE YOUR DIGITAL INVESTIGATIONS?