Back to News

Digital Forensic Search Profiles

Posted by Bret Peters on August 31, 2018
Bret Peters
Find me on:

Digital Forensic Search ProfilesWith eleven (11) out-of-the-box Search Profiles inside Digital Evidence Investigator® (DEI), the ADF Digital Forensic team has created software that enables investigators and forensic examiners to obtain the digital evidence needed in a wide variety of evidence collection situations. 

What is a Digital Forensic Search Profile?

A Digital Forensic Search Profile is a combination of Artifact and File Captures. Artifact Captures recover specific records or information e.g. browsing history records or user account information.  File Captures recover files matching certain criteria such as file properties, inclusion of keywords or matching hash values.  File Captures are supplied within the ADF software program and can be user created. 

ADF Search Profiles

  • General Profiling (Quick): Runs all artifact Captures, except Email and Peer-to-Peer (P2P), searches for anti-forensic traces, remote access traces and pictures in browser cache
  • General Profiling (Intermediate): Runs all artifact captures, excluding P2P captures, collects pictures, video frames , and Office documents in user folders.  Searches for anti-forensic traces, remote access traces and social media traces.  Collects protected files and files not processed by parser. 
  • General Profiling (Comprehensive - Speed Optimized): Runs all artifact Captures, excluding P2P Captures, collects allocated, embedded, and deleted pictures, videos, and frames from videos over 100MB and Office documents using the Thorough Identification for Files Without Extensions. Collects Registry files, searches for anti-forensic applications and more. 
  • General Profiling (Comprehensive): Runs all artifact Captures, excluding P2P Captures, collects allocated, embedded, and deleted pictures, videos, and frames from videos over 100MB and Office documents. Collects Registry files, searches for anti-forensic applications remote access traces, social media traces, and more. 
  • Collection - iOS Backup (Quick):  Collects all files from an iOS backup.
  • Email (Intermediate): Recovers messages and attachments from outlook, Apple Mail, Windows Mail and Windows Live Mail.  Collects protected files and files not processed by parser.
  • Collect Pictures from Free Space (Comprehensive): Searches Unallocated Clusters for Deleted Pictures. 
  • Indecent Pictures of Children [ a.k.a. IPOC] (Quick): Runs all artifact Captures, except Email, collects pictures and video frames in web browser caches, and searches for common child exploitation keywords in file names and artifacts. Searches for P2P traces and files in the Skype caches.
  • IPOC (Intermediate): Runs all artifact Captures, collects pictures and video frames in user folders, searches for common child exploitation keywords in user folders, and searches user folders for known has values. Searches for anti-forensic traces, remote access traces, and files in Skype caches. Collects protected files and more. 
  • IPOC (Comprehensive Speed Optimized): Runs all artifact Captures, collects allocated, embedded, and deleted pictures and videos using the Thorough Identification for Files Without Extension option. Searches for common child exploitation keywords, and searches for known  hash values (Project VIC, CAID).
  • IPOC (Comprehensive): Runs all artifact Captures, collects allocated, embedded, and deleted pictures and videos. Searches for common child exploitation keywords, and searches for known  hash values (Project VIC, CAID).  Searches for anti-forensics traces, remote access traces, P2P traces and files from Skype caches, and more. 

Create Custom Search Profiles 

ADF Software is built with non-technical users in mind.  It's easy to create a new Custom Search Profile from scratch but DEI users can also begin by copying an out-of-the-box Search Profile and then customizing Captures to suit operational objectives. 

Importing and Exporting Search Profiles 

Search Profiles can be imported and exported so that they can be used on another computer.  This functionality enables users to build Custom Search Profiles and share them with team members or for staff conducting specific onsite examinations. 

Request DEI Free Trial 

Digital Evidence Investigator® allows the creation of custom Search Profiles containing a combination of default and user created Captures. Copies of the default Search Profiles may also be modified to suit operational requirements. 

Topics: IPOC, Project Vic, Hash Sets, CAID, Digital Evidence Investigator, ICAC, Video Forensics, Internet Investigation, Computer Forensics, Photo Forensics, Forensic Lab Solutions, Computer Forensic Lab, ICAC Task Force, Forensic Analysis, Custom Search Profiles, Anti-Forensic Traces

Get Triage & Digital Forensic News (once a month)

Posts by Tag

See all

Recent Posts

CustomButton
  • READY TO ACCELERATE YOUR DIGITAL INVESTIGATIONS?