When making decisions on scene it is critically important for an investigator to scan and analyze the Operating System Drive or Partition, or what is commonly referred to as the C:\ drive. ADF digital forensic software tools give investigators out-of-the-box Search Profiles designed to quickly scan and analyze OS partitions with targeted paths that would not be present on a non OS partition.

If you come across a non OS drive or partition, a storage partition, or external storage drive, instead of using the built-in Comprehensive Search Profiles, you can create a Custom Search Profile for non operating system drives using Digital Evidence Investigator^®. 

Due to an increase in crimes involving the use of computers and cell phones, there is a growing need for Digital Media Investigators, sometimes referred to as DMIs. They have an important role to play in police investigations and that role is becoming more critical with the proliferation of digital data. 

Digital media investigators do more than just sit in a lab looking at hard drives. They are often digital first responders and go out into the field with other law enforcement agents to investigate crimes first hand and offer advice on how to gather digital evidence at a crime scene. Collecting, analyzing and reporting on digital evidence to be used to prosecute and convict criminals is a vital role for DMIs in the United Kingdom and elsewhere.

When you're faced with a mountain of digital evidence, how do you start sifting through it? For law enforcement, litigation support, and incident response agencies organizing and prioritizing digital media and electronically stored information (ESI) is crucial. Adopting an Early Case Assessment (ECA) methodology helps expedite and improve overall case efficiency and productivity; reducing backlogs and increasing turnaround times.

One of the reasons that investigators choose ADF software as their primary triage tool is because it can be used standalone or in conjunction with traditional forensic software.  Triage is ideal for front-line investigators because it's fast, easy-to-use, and can net results in situations where time matters. Deployed in a forensic lab, triage software can reduce forensic backlogs and allow forensic examiners to prioritize deep dive forensic investigations.

While there are many tools and techniques available to examiners for recovering data from volatile memory, ADF Digital Evidence Investigator^®, Triage-Investigator^®, and Triage-G2^® are fast and easy. 

A simple 2-step process lets non-technical investigators and examiners quickly perform a RAM capture when running a live scan on the computer from a collection key: 

1. Click "Create RAM Dump" from the main menu
2. The RAM Dump will be saved to the collection key as a .bin file and then zipped

With eleven (11) out-of-the-box Search Profiles inside Digital Evidence Investigator^® (DEI), the ADF Digital Forensic team has created software that enables investigators and forensic examiners to obtain the digital evidence needed in a wide variety of evidence collection situations.