When making decisions on scene it is critically important for an investigator to scan and analyze the Operating System Drive or Partition, or what is commonly referred to as the C:\ drive. ADF digital forensic software tools give investigators out-of-the-box Search Profiles designed to quickly scan and analyze OS partitions with targeted paths that would not be present on a non OS partition.
If you come across a non OS drive or partition, a storage partition, or external storage drive, instead of using the built-in Comprehensive Search Profiles, you can create a Custom Search Profile for non operating system drives using Digital Evidence Investigator®.
Create a Search Profile for this purpose by selecting "New Profile" from the function toolbar. If you want to collect Multimedia or Documents you can select file captures to achieve this goal. In the multimedia section select any of the file captures that are comprehensive as these captures search the entire file system regardless of paths.
With this new Search Profile you can also add a custom keyword list or hash list. You can learn to create these file captures in our other short how to videos:
Once your new Search Profile is complete it can be run from the Collection drive or on your forensic machine against any attached devices or forensic image files.
Did you know? ADF ships with more than a dozen out-of-the-box digital forensic Search Profiles which are built to be either time based or case based. The time based Search Profiles are typically used by the military or for sensitive site exploitation or intelligence gathering where there is a time limit on-scene. The case based profiles are focused on types of cases being investigated, such as executing a search for Child Exploitation Material (CEM) or Child Sexual Abuse Material (CSAM).