Computer-forensic-lab

When investigating computer crimes and being called on to conduct computer forensics or forensic phone analysis in the field, it is good to be ready for whatever comes your way. One phrase you commonly hear when talking to anyone in the cybercrime arena is “there has to be more than one tool in the toolbox”, and this is a very true statement, no one tool does it all, and all tools do it slightly differently. You do not use a large Phillips screwdriver to remove a small screw from a picture frame and you do not use an eyeglass screwdriver to remove a wood screw, this is because you know your tools and your toolbox.

In this 3-minute "How To" video, you'll learn the benefits of having a digital forensic triage process that works from field to lab. Using ADF digital forensic tools, examiners can prepare field investigators to find digital evidence and intelligence on mobile phones, tablets, computers, and storage devices starting on-scene. 

On-scene, it can be impractical for investigators to seize all the digital devices they locate so investigators that are able to triage on-scene only seize devices with relevant data.

Without digital forensic triage, investigators have to collect every device. 

At the scene of any crime or incident it is important to protect and collect evidence. There are different types of evidence, including physical and digital. ADF Solutions focuses on retrieving digital evidence from devices starting on-scene. 

Today’s smartphones, tablets, and computers are faster, smarter, and capable of holding more and more data than ever before. They offer more storage and the ability to connect to the cloud and to Internet of Things (IoT) devices.  

Faced with more and more data, more and more police forces are adopting forensic triage methodologies to handle digital evicence on-scene, in the lab, or both in the field and lab. 

When making decisions on scene it is critically important for an investigator to scan and analyze the Operating System Drive or Partition, or what is commonly referred to as the C:\ drive. ADF digital forensic software tools give investigators out-of-the-box Search Profiles designed to quickly scan and analyze OS partitions with targeted paths that would not be present on a non OS partition.

If you come across a non OS drive or partition, a storage partition, or external storage drive, instead of using the built-in Comprehensive Search Profiles, you can create a Custom Search Profile for non operating system drives using Digital Evidence Investigator^®. 

Due to an increase in crimes involving the use of computers and cell phones, there is a growing need for Digital Media Investigators, sometimes referred to as DMIs. They have an important role to play in police investigations and that role is becoming more critical with the proliferation of digital data. 

Digital media investigators do more than just sit in a lab looking at hard drives. They are often digital first responders and go out into the field with other law enforcement agents to investigate crimes first hand and offer advice on how to gather digital evidence at a crime scene. Collecting, analyzing and reporting on digital evidence to be used to prosecute and convict criminals is a vital role for DMIs in the United Kingdom and elsewhere.

When you're faced with a mountain of digital evidence, how do you start sifting through it? For law enforcement, litigation support, and incident response agencies organizing and prioritizing digital media and electronically stored information (ESI) is crucial.

Adopting an Early Case Assessment (ECA) methodology helps expedite and improve overall case efficiency and productivity; reducing backlogs and increasing turnaround times.

One of the reasons that investigators choose ADF software as their primary triage tool is because it can be used standalone or in conjunction with traditional forensic software.  Forensic Triage is ideal for front-line investigators because it's fast, easy-to-use, and can net results in situations where time matters. Deployed in a forensic lab, triage software can reduce forensic backlogs and allow forensic examiners to prioritize deep dive forensic investigations.

What's the fastest, easiest way to perform RAM Dump? While there are many tools and techniques available to examiners for recovering data from volatile memory, ADF Digital Evidence Investigator^®, Triage-Investigator^®, and Triage-G2^® are fast and easy. 

A simple 2-step process lets even the most non-technical field investigators or highly trained digital forensic examiners quickly perform a RAM capture when running a live scan on the computer from a collection key: 

1. Click "Create RAM Dump" from the main menu
2. The RAM Dump will be saved to the collection key as a .bin file and then zipped

With more than a dozen out-of-the-box Search Profiles inside Digital Evidence Investigator^® (DEI) and all the ADF digital forensic and triage tools, the ADF Digital Forensic team has created software that enables investigators and forensic examiners to capture files, artifacts, and the digital evidence needed in a wide variety of evidence collection situations.