Computer-forensics-video

Advanced Digital Forensic Solutions Inc., a company that has been around since 2006 and a leader in forensic triage and collecting information so that decisions can be made. Solutions! ADF strives to live up to its name by being on the forefront with solutions. Solutions to help make your job easier, your backlog slower, and your overall cost lower. ADF Solutions has done it again by grabbing the reins on AFF4 logical imaging and solving an issue in the community.

When conducting on-scene triage for any type of crime it is essential to be prepared for any devices you may encounter. It is important to pre-plan and try to figure out what type and how many devices you may encounter, but no matter how many times you read the report or conduct pretextual calls your estimate is going to be off. You need to be prepared and have the ability to adapt and overcome.

ADF's Quick-Saved Credentials profile is a powerful profile that extracts the usernames and passwords from Web Browsers and is built so it will not trigger antivirus applications when attempting to collect web credentials. This makes the investigator's job easier on-scene, requires less interaction with the device, and allows for more records to be parsed thereby giving the computer forensic investigator the ability to quickly collect critical information for their investigation.

Learn how to use the ADF Quick Saved Credentials Profile to uncover Web credentials in this short 2-minute video tutorial. Collecting saved credentials quickly gives access to accounts that may have been previously unknown and allows investigators to do preservation orders and search warrants. 

ADF tools have the ability to scan all available Mac computers (M1 and T2 chips) with all types of encryption and virtual drives by running a remote agent that communicates with the desktop application. 

When conducting digital forensic investigations that involve live (up and running) computers, it is imperative to collect volatile memory so that all your bases covered and so that no vital evidence is lost.  A live analysis conducted in the correct manner will yield the results you are looking for in your investigation.  It has become commonplace and an accepted practice to collect data from a live computer, especially in cases of child exploitation. ADF software makes it easy for detectives and investigators to perform a RAM capture in the proper manner with as little intrusion as possible.

Within ADF software and forensic triage products, including Digital Evidence Investigator, Triage-Investigator, or Triage-G2, an investigator can quickly find Dark Web traces. This can be done in Quick Profiles but in this video, Rich Frawley shows how to use an Intermediate Profile to triage a suspect machine to identify Dark Web traces. These can be found in ADF's Anti-Forensic Traces Capture. 

Investigators can now scan all available Mac computers (including macs with T2 or M1 chips) with all types of encryption and virtual drives by running a remote agent that communicates with the desktop application. Now you can perform digital forensic triage on all Macs including

• macOS T2 chip
• macOS M1 chip
• Mac Fusion Drive

Regular Expressions - (also known as "regex") are special strings representing a pattern to be matched in a search operation and they can be particularly useful in mobile and computer forensics investigations. 

One of the ways we allow investigators to find and focus on relevant evidence is by allowing investigators to customize and bring in a unique set of keywords using a substring or with regular expressions. ADF forensic tools also implement regular expression keywords in our trace captures and keyword lists. So why are Regular Expressions different from using regular keywords?

Intelligence gathering is a discipline that's on a different playing field than your typical law enforcement search warrant or forensic triage examination. ADF's Triage-G2 and Triage-G2 PRO enable military field operatives to rapidly collect and exploit captured equipment, media and documents in theaters of operation around the world and reduce time on target for:

Learn how to use the ADF Quick Saved Credentials Profile to uncover Web credentials in this short video tutorial. Collecting saved credentials quickly gives investigators access to accounts that may have previously been unknown and allows investigators to request preservation orders and search warrants.  

ADF's Quick - Saved Credentials profile is a powerful digital forensic triage profile that extracts the usernames and passwords from Web Browsers. It is the only Search Profile that may trigger the anti-virus on the machine.

It's a known issue that many agencies and departments are facing worldwide; how to fight and reduce backlog to stay up to date on cases so that they don't get stale. It's a serious issue, but we at ADF can show you a few ways to fight in-house forensic backlog with digital forensic triage.

ADF computer triage has long been admired for some of the best digital forensic triage capabilities on the market. Since 2006, ADF digital forensic experts have been building triage tools to empower investigators to quickly collect evidence and on-scene intelligence from computers and digital devices.

Our newest How-To video will cover how to image from either the Desktop tool or the USB device (Collection Key) on a Boot and Live Scan. 

In this short 4-minute Mac forensics "How To" video, ADF forensic specialist, Rich Frawley, shows you how to conduct a boot scan of a MacBook Air with APFS & FileVault2 enabled.

Digital Evidence Investigator is built for front-line field investigators and lab examiners who need to do digital forensic investigations on Mac, Linux, or Windows. Combined with Mobile Device Investigator, Digital Evidence Investigator PRO gives you all the best computer forensic capabilities along with iOS and Android mobile forensics in a single affordable forensic tool. 

In this short video ADF's Digital Forensic Specialist, Rich Frawley, demonstrates the installation process for DEI and DEI PRO, on an offline computer that does not have Internet access. You can refer to our Technical Specifications for minimum requirements and supported Operating Systems.

Digital Evidence Investigator is built for front-line field investigators and lab examiners who need to do digital forensic investigations on Mac, Linux, or Windows. Combined with Mobile Device Investigator, Digital Evidence Investigator PRO gives you all the best computer forensic capabilities along with iOS and Android mobile forensics in a single affordable forensic tool. 

In this short video ADF's Digital Forensic Specialist, Rich Frawley, demonstrates the installation process for DEI and DEI PRO, on a computer that has Internet access. You can refer to our Technical Specifications for minimum requirements and supported Operating Systems.

Digital Evidence Investigator PRO enables front-line field investigators to quickly create an iOS forensic backup of an iOS mobile device on-scene or back in the lab. In this short video, ADF Digital Forensic Training Manager, Rich Frawley, will show you how to easily backup an iOS device with DEI PRO.

Digital Evidence Investigator PRO enables front line field investigators to quickly create a forensic backup of an Android device on-scene or back in the lab. In this short video, ADF Digital Forensic Specialist, Rich Frawley, will show you how to easily backup an Android device with DEI PRO.

ADF digital forensic tools come with out-of-the-box Search Profiles. In this short video, you'll learn how to use Digital Evidence Investigator PRO to demonstrate how to create a search profile.

When making decisions on scene it is critically important for an investigator to scan and analyze the Operating System Drive or Partition, or what is commonly referred to as the C:\ drive. ADF digital forensic software tools give investigators out-of-the-box Search Profiles designed to quickly scan and analyze OS partitions with targeted paths that would not be present on a non OS partition.

If you come across a non OS drive or partition, a storage partition, or external storage drive, instead of using the built-in Comprehensive Search Profiles, you can create a Custom Search Profile for non operating system drives using Digital Evidence Investigator^®. 

Digital Evidence Investigator^® gives investigators the ability to customize Search Profiles and determine exactly what and where you want to look for digital evidence. This is especially convenient when looking to tailor a search for a forensic triage type scan or a targeted collection. This is accomplished by using the Targeted Folders Option when creating a custom file capture.

ADF offers the best digital forensic solution for getting relevant data from an Apple Mac laptop or desktop running APFS since it is easy to use and offers investigators a quick and easy way to collect and analyze evidence.  In this short 3-minute video, ADF's digital forensic specialist, Rich Frawley shows how to boot a MacBook Air (APFS, non-encrypted) with Digital Evidence Investigator.

As a forensic investigator, there will come a time when you will come across the occasional computer that is difficult to get to the HDD and it may be encrypted by default, such as the Microsoft Surface Pro. In this short video, you'll learn how to easily conduct a boot scan of a Microsoft Surface Pro with Bitlocker activated.

Whether you are preparing to go on-scene or you are in your digital forensic lab getting ready to perform triage or one or more digital forensic scans, this video tutorial will show you how you can easily create a keyword capture and add keywords to a Search Profile.  We begin from when you have started to create a Custom Search Profile and want to add your own unique keywords.

ADF software lets investigators and examiners search for files by keyword(s) using substrings or regular expressions.  ADF software allows you to search for keywords in all file and folder names, file content and metadata, and artifact records from other captures.

Learn how to conduct a Windows live scan with ADF Solutions Digital Evidence Investigator.  Two USB ports are required to complete a scan, one for the Collection Key and one for the Authentication Key, once the scan has started the Authentication Key can be removed. A USB hub may be used in cases where the target computer only has one USB port. 

When running a live scan from a Collection Key it is possible to create a RAM dump of the computer. RAM dumps can then be analyzed with appropriate software (e.g. Volatility).