ADF News

As a forensic investigator, there will come a time when you will come across the occasional computer that is difficult to get to the HDD and it may be encrypted by default, such as the Microsoft Surface Pro. In this short video, you'll learn how to easily conduct a boot scan of a Microsoft Surface Pro with Bitlocker activated.

Of all the investigations that a law enforcement agency may undertake, there may be none as difficult to deal with as crimes perpetrated against minors. The proliferation of online child exploitation material continues to be an issue worldwide, from child pornography to the facilitation of human trafficking. Luckily, investigators are not having to combat this problem alone thanks to industry solutions like those provided by ADF Solutions and the organizations below.  

Whether you are preparing to go on-scene or you are in your digital forensic lab getting ready to perform triage or one or more digital forensic scans, this video tutorial will show you how you can easily create a keyword capture and add keywords to a Search Profile.  We begin from when you have started to create a Custom Search Profile and want to add your own unique keywords.

ADF software lets investigators and examiners search for files by keyword(s) using substrings or regular expressions.  ADF software allows you to search for keywords in all file and folder names, file content and metadata, and artifact records from other captures.

Digital Evidence Investigator^® (DEI) and Triage-Investigator^® come with out-of-the-box default Search Profiles. In this short video tutorial, we use Digital Evidence Investigator to demonstrate "What is a Search Profile?".

In DEI the Search Profiles are maintained in the Setup Scans Menu option. The Search Profile, when run, will collect the information selected within the Search Profile. Search Profiles will run from the desktop application or from the collection key on a Live or Boot scan.

Learn how to conduct a Windows live scan with ADF Solutions Digital Evidence Investigator.  Two USB ports are required to complete a scan, one for the Collection Key and one for the Authentication Key, once the scan has started the Authentication Key can be removed. A USB hub may be used in cases where the target computer only has one USB port. 

When running a live scan from a Collection Key it is possible to create a RAM dump of the computer. RAM dumps can then be analyzed with appropriate software (e.g. Volatility). 

When you're faced with a mountain of digital evidence, how do you start sifting through it? For law enforcement, litigation support, and incident response agencies organizing and prioritizing digital media and electronically stored information (ESI) is crucial. Adopting an Early Case Assessment (ECA) methodology helps expedite and improve overall case efficiency and productivity; reducing backlogs and increasing turnaround times.

The best tools for rapid digital forensic investigations just got better with ADF's release of new software versions to support the collection of artifacts from macOS Mojave, in addition to macOS High Sierra and Windows. 

ADF's New Forensic Software Empowers Investigators and Prosecutors

ADF Solutions, the leading provider of automated forensic software for investigators and lab examiners, announced today the release of new software versions 1.4 for Digital Evidence Investigator^Ⓡ, and versions 4.4 for Triage-Investigator^Ⓡ, and Triage-G2^Ⓡ software.  

"We are very excited to be the first digital forensic software to parse macOS Mojave log files natively under Windows strengthening our macOS support", stated Raphael Bousquet, CTO, and co-founder of ADF Solutions. "In our world of fast and efficient forensic analysis, we strive to reduce data noise for the investigator. The addition of picture and video classification is a great step in the right direction!"

A precise timeline view links user activities with pictures, videos, and files of interest so investigators can quickly build a digital forensic report to share with prosecutors or other investigators.  The new version leverages enhanced automation and enables investigators to run in-depth digital forensics scans quickly.  The highlights of this new release for the investigative and forensic community include:

October 26, 2018 is the inaugural National Financial Crime Fighter Day created by Banker's Toolbox as a way to honor and celebrate the critically important work done by financial crime fighters and professionals who work every day to protect our financial system. 

While there are many tools and techniques available to examiners for recovering data from volatile memory, ADF Digital Evidence Investigator^®, Triage-Investigator^®, and Triage-G2^® are fast and easy. 

A simple 2-step process lets non-technical investigators and examiners quickly perform a RAM capture when running a live scan on the computer from a collection key: 

1. Click "Create RAM Dump" from the main menu
2. The RAM Dump will be saved to the collection key as a .bin file and then zipped

This October kicks off with the fourth annual Northwest Regional ICAC Conference, a multi-state, multi-disciplinary event designed to provide lecture and lab training to prosecutors, digital forensic examiners, and law enforcement investigators focused on the investigation and prosecution of technology facilitated crimes against children. 

A criminal forensic lab located in one of the largest U.S. Federal agencies was working on an extensive child exploitation case and had seized 37 total hard drives that contained over 38 terabytes of data. The case was high profile and the forensic team had a short window of time to examine the contents of the confiscated drives. Technical resources were limited and imaging drives and conducting traditional forensic examinations would be very time consuming. With the amount of data that needed to be searched, the investigators realized that it could potentially be weeks before the examinations were complete and the case could move forward. In addition the case would require significant disk storage space to hold all of the images.

ADF Authorized Partner, CBIT Digital Forensics Services, based in Australia will be hosting J.J. Wallia, C.E.O and co-founder of ADF Solutions, for a presentation on the latest version of Digital Evidence Investigator^® – plus a free half-day training session with Certified ADF Instructor Zoran Iliev using ADF Solutions to accelerate Digital Forensic investigations.

Join ADF Digital Forensic Specialist, Rich Frawley as he presents "On-Scene Digital Investigation Best Practices: From Search Warrant to Court Ready Paperwork" at the Techno Security & Digital Forensics conference in San Antonio, Texas.  The Techno event is a follow up to the top rated Techno Security & Digital Forensics Myrtle Beach event earlier this year where ADF was a Gold Sponsor.  

Rich Frawley, ADF Digital Forensic Specialist will be presenting "On-Scene Digital Investigation Best Practices: From Search Warrant to Court Ready Paperwork" at the Federal Law Enforcement Training Center in Glynco, Georgia this week.  

With eleven (11) out-of-the-box Search Profiles inside Digital Evidence Investigator^® (DEI), the ADF Digital Forensic team has created software that enables investigators and forensic examiners to obtain the digital evidence needed in a wide variety of evidence collection situations. 

This week, hundreds of cyber security and digital forensic experts gathered in Myrtle Beach, South Carolina to participate in the Techno Security and Digital Forensics Conference. The event hosted at the Marriott Resort & Spa at Grande Dunes offered attendees the ability to receive Continuing Professional Education Credits (CPE) depending on their organization. 

ADF was delighted to sponsor certified forensic examiner training focused on Basic Computer Forensic Examiner (BCFE) training held by the International Association of Computer Investigative Specialists (IACIS) in Orlando, Florida.  The event attracted hundreds of corporate security, university and law enforcement officers from around the United States, as well as various officials from the Department of Defense and federal agencies.

Digital forensic experts understand the importance of remembering to perform a RAM Capture on-scene so as to not leave valuable evidence behind.  Capturing volatile data in a computer's memory dump enables investigators and examiners to do a full memory analysis and access data including:

There are many cases where time is critical in a police investigation. This is increasingly true in a world where digital evidence can be an essential element in capturing a suspect or solving a crime. Digital data can implicate or clear suspects and utilizing digital evidence to your investigative advantage can allow you to act quickly while on-scene.

Starting digital investigations while at the scene has become increasingly important in fluid crime situations such as terrorism threats, active shooter situations, gang activity or sex trafficking. Field digital forensic investigations (a.k.a. field triage) can also be useful in CyberTip investigations or any crime where a digital device may have photos, video, audio, or other data that could be useful in identifying suspects, victims or protecting evidence.

Today, ADF is announcing the release of new digital forensic software versions for our products: 

• Digital Evidence InvestigatorⓇ (DEI) version 1.3.0 
• Triage-InvestigatorⓇ version 4.3.0
• Triage-G2Ⓡ version 4.3.0

"In summary, I would say DEI is one of the more intuitive tools I've used, because it guides you through your investigation step by step and could easily be used without much training" ...Read the full 2018 Forensic Focus Review of ADF's Digital Evidence Investigator tool.