ADF triage performance is fast -- built to be under two minutes for certain scans. Digital forensic triage speed and performance can vary based on a number of factors including the triage software you are using, the search criteria you choose, the suspect hardware configuration, and how much you know about what you are looking to understand in your investigation.
TIME
ADF Digital Evidence Investigator, Triage-Investigator and Triage-G2 feature speed optimized evidence collection capabilities we call “Search Profiles”. The Search Profile you choose for your investigation can affect the duration of the scan. If you are in a hurry, you’ll want to choose our Quick scans. In the case of general profiling, the ADF Quick Scan runs all artifact Captures, except Email and Peer-to-Peer (P2P), searches for anti-forensic traces, remote access traces, and pictures in browser cache. Learn more about ADF Digital Forensic Search Profiles.
If your investigation is time sensitive and you need to find evidence as quickly as possible you’ll want to choose the appropriate Quick Scan to search the highest probability areas of the suspect computer first so that you can get rapid results.
INVESTIGATION FOCUS
Depending on your investigation, you may find that you need to scan the entire suspect hard drive. Keep in mind that this will still be much faster than processing a case with traditional forensic examination software – the difference is hours for a triage scan versus days for processing a drive image.
ADF software enables investigators to easily choose between Quick, Intermediate and Comprehensive evidence collection settings. We also offer Comprehensive Speed Optimized which is particularly valuable for investigators working cases involving indecent pictures of children (IPOC) where identifying suspects and victims should be done as quickly as possible.
HARDWARE / SOFTWARE CONFIGURATION
With regard to suspect hardware variables, the triage process primarily depends on the following factors:
- Memory (RAM) of the suspect computer
- Read/Write speeds of the suspect hard drive
- Read/Write speeds of the Triage Key (USB key)
- The size of your Captures
ADF Digital Evidence Investigator, Triage-Investigator, and Triage-G2 are automatically built for speed. Our military and intelligence clients, in particular, require fast triage capabilities which often mean triage in speeds under two minutes. Learn more about ADF tools, compare products, or request a demo to learn more about rapid field triage.
