ADF digital forensic software is known for rapid file and artifact collection but we're also widely respected for our seamless user interface. No matter whether you are using Mobile Device Investigator, Triage-Investigator, Triage-G2, Digital Evidence Investigator or our PRO tools, ADF tools are designed to make it easy for investigators to quickly determine what to scan and how to scan it.
Our goal is to make empower investigators to make rapid on-scene decisions so they can quickly identify victims, suspects, and move their case forward toward a successful outcome.
Watch this short 6-minute How To video to learn how to Organize the Records View.
Rapid Digital Forensic Analysis
On-scene triage and digital investigations can be stressful, especially when reviewing data in hostile or time constrained situations. ADF automates analysis to speed decision making and gives investigators the ability to customize views and are designed to provide a single uniform user experience across all our tools. So if you're using Digital Evidence Investigator for computer forensics and decide to upgrade to DEI PRO to add smartphone and mobile evidence collection, the user experience is the same.
Configure Views with Screen Layout Controls
Frontline agents and investigators can configure views to make records easy to view so they'll have all the pertinent evidence and information at their disposal to tie files, evidence, and artifacts to the user in a timeline view.
- Review Captures with hyperlinked results
- Move and resize columns
- Hide columns to focus deeper on the evidence you want to review
- Backward and forward navigation toolbar
- Filter by type (pictures, videos, keywords, timeline, files, tagged, etc.)
- View statistics such as number of records tagged, displayed, selected
- View in folder tree
Tag and Add Comments
In addition to ADF's powerful classifier and tagging engine, investigators can create new tags, apply their own, add comments and display post-scan processing tasks including the visual classification of pictures, videos and entity extraction (with the Rosoka Add-On).
Dive Into Evidence Details
The Details Panel provides deeper information for individual file or artifact records. The options are displayed in a series of horizontal tabs with additional functionality accessible via the right-hand toolbar of the details panel which provides information on:
- Properties - individual properties of the selected record
- Metadata - extracted from the selected file
- Excerpts - displays up to 1,000 keyword hits highlighted in yellow with surrounding text visible
- Video Frames - displays up to 50 frames taken at regular intervals from a video file
- Preview - view documents, view pictures and images are available in their actual size and videos are playable via an internal player (subject to locally installed codecs)
- Duplicates - displays a list of duplicates based on the hash value of their content only
Referenced Files
When an artifact record references a file found on the target file systems, a link is established between the two. We refer to these files as referenced files. A hyperlink makes it possible to navigate from the artifact record to the referenced file(s). Another hyperlink, called Linked Artifacts, exists between the referenced file and their artifact record(s).
Keyword and Hash Match Indicator
File records that have been identified by a keyword search or a hash value search may be more relevant than the other records because they match a specific search criteria. To help them stand out, a Match indicator is shown in tables and gallery views. The Match indicator can also be used to sort and filter records.
Law enforcement agencies that want to deploy digital forensic triage to the field to speed computer investigations should consider Field Investigator for Teams.
