When collecting digital evidence, speed is often the name of the game, such as when you are serving a search warrant, dealing with a mass casualty incident, working a consent search, or trying to ascertain where to focus your efforts when dealing with multiple devices. When dealing with these types of use cases, one-dimensional or one size fits all evidence collection, will not pass muster and you need the ability to cut through the noise and get to the relevant information fast.
ADF digital forensic software gives you, the investigator or examiner, the ability to easily choose how you want to collect digital evidence. You can prioritize speed or opt for a more comprehensive search when you have the time to do so. Since each investigation or crime scene is different, with ADF you have the ability to quickly adapt to easily get the evidence you need to help you move your case forward.
In this short 3 minute video, Rich Frawley, our Director of Training and digital forensic specialist, teaches you how to understand the options you have in the Define Files screen when you choose to customize a Search Profile. When defining files to collect, whether for file collection, by keyword, or by hash ADF offers you several options that need to be selected when you create a Custom Search Profile. Your options are: 
- Collect matching files: Selected by default - If this box is unchecked it will only detect files (no collection). The original files will not be collected however, the files are otherwise processed normally (thumbnails are created, video frames are extracted, metadata is extracted, etc.).
- File identification method: This option defines how the files selected in File types are identified
- Fast identification: Identifies file types using the file extension only. This method is the fastest but it will not identify files without extensions or files with an incorrect extension.
- Thorough identification for files without extensions: Uses file signature analysis to identify files that have no file extension and fast identification on those that do. This method is useful for applications that save data in files without extensions such as the Google Chrome cache.
- Thorough identification for all files: uses file signature analysis to identify all files. This will increase the time the scan takes to run but it is the most accurate file identification method.
You will also be able to control the options related to archives, documents, and picture DB files:
- Search selected file types in:
- Archives: searches for all selected file types within archives such as zip, tar and other containers.
- Documents: searches for all selected file types embedded within Document file types.
- Picture DB File: searches for all selected file types within Windows thumbcache, thumbs.db files and Apple ithmb files.
Digital Evidence Investigator PRO is the best automated digital forensic tool for field investigations of mobile devices and computers. Tie the user to a files, artifacts and digital evidence in a timeline view. DEI PRO comes with out of the box search profiles which can be customized by investigators and examiners.
