ADF digital forensic tools come with out-of-the-box Search Profiles. In this short video, you'll learn how to use Digital Evidence Investigator PRO to demonstrate how to create a search profile.
ADF Search Profiles are maintained in the Set Up Scans Menu option. The Search Profile, when run, will collect the information selected within the Search Profile. Search Profiles will run from the desktop application or from the collection key on a Live or Boot scan.
ADF Search Profiles are categorized by speed and objective, such as
- Quick
- Intermediate
- Comprehensive
Quick and intermediate scans are designed to run fast and target the user profiles of the operating system. Comprehensive scans the entire file system and Mobile are for use with iOS and Android devices. Search Profile run time can be from minutes to a few hours depending on the scan you choose. Read our blog post about ADF Search Profiles to learn more about our general profiling, iOS Backup, IPOC (Indecent Pictures of Children) and Email profile options.
A Search Profile is a combination of Selected Artifact Captures and File Captures appropriate for the Search Profiles objective. Within a search profile view, you can see the components that make up a Search Profile and customize to create a new profile by selecting "Copy" or “New Profile”.
Artifact Captures recover specific records or information, such as browsing history records or user account information. Artifact Captures are denoted by icons and Users cannot create or edit Artifact Captures.
File Captures recover files matching certain criteria such as file properties, Files with matching keywords, or files with matching hash values. File Collection Captures are supplied with the program and can also be user created.
ADF tools allow for the creation of custom Search Profiles containing a combination of default and user created Captures. Copies of the default Search Profiles may also be modified to suit your specific requirements, and have options such as adding informational fields, collecting protected files, and applying bitlocker to the collection key.
To create your own capture highlight the category and then select the task specific capture, if you would like to select the entire list of captures select the category. Custom captures can be added, such as your hashes and keywords, and once created, remain to be used for subsequent search profiles. Once all selections have been made give it a custom name and add notes as to the specific task of the profile. Select Next - add custom fields and choose your scan options, then save your profile. Your custom search profile is now part of the Search Profile Library.