Digital-evidence-investigator

Getting ready to work off site, out of the lab, out of your office, and in someone else's domain is never an easy task. Whether it's a search warrant, in a client's office, suspect's residence, or some other off-site location, being prepared is the key to your success as a digital forensic investigator.

Are you ready for a big one? Anticipating what your evidence collection needs will be while you are on-scene includes trying to ascertain how many electronic devices you will encounter. ADF makes it easy for you to be prepared. 

Anyone who is charged with a "knock and talk" or executing a search warrant knows that the ability to overcome and adapt on-scene is vital to a successful outcome. This is what drove ADF to empower investigators to be able to create a digital evidence Collection Key (CKY). 

Learn how to easily remove CSAM images and other properties from view

One of the most important factors in a child exploitation investigation, is having the ability to show a report to a colleague, co-worker, prosecutor, or present to present your findings in court without re-victimizing the subject of the photo, or shocking the sense of the viewer of the report. Having a professional report that still reflects the properties that need to be presented is essential to your case.

As digital technology becomes more advanced, the potential for its criminal application is magnified. This can result in overwhelming amounts of digital data for law enforcement to inspect in a limited timeframe. Although opportunities to find digital evidence on a perpetrator's or victim's computer may be numerous, the time it takes to search through such vast quantities of data contributes to the issue of growing forensic backlogs. 

Digital Evidence Investigator Certified User Training is now available online as self-paced learning. This class was built to serve individuals and agencies that want the benefit of getting DEI Certified User credentials from ADF Solutions. 

Learn how to use the ADF Quick Saved Credentials Profile to uncover Web credentials in this short video tutorial. Collecting saved credentials quickly gives investigators access to accounts that may have previously been unknown and allows investigators to request preservation orders and search warrants.  

ADF's Quick - Saved Credentials profile is a powerful digital forensic triage profile that extracts the usernames and passwords from Web Browsers. It is the only Search Profile that may trigger the anti-virus on the machine.

Today’s smartphones, tablets, and computers are faster, smarter, and capable of holding more and more data than ever before. They offer more storage and the ability to connect to the cloud and to Internet of Things (IoT) devices.  

Faced with more and more data, more and more police forces are adopting forensic triage methodologies to handle digital evicence on-scene, in the lab, or both in the field and lab. 

Today’s investigators and prosecutors are very familiar with the extreme difficulty in child exploitation cases: getting through your forensic backlog to get to the data in time. Law enforcement officers routinely report that a lack of technology which, combined with stringent time limits, can severely restrict their ability to check devices in a timely manner. ADF understands that digital forensic examinations can be both costly and time-consuming, which hampers investigations into suspects that have downloaded or participated in Child Sexual Abuse Material (CSAM). 

ADF Solutions Introduces Field Investigator™ for Teams

There’s a new way to give digital forensic examiners control of investigations and empower non-technical front-line investigators. Meet Field Investigator™ for Teams, the best way to deploy digital forensic triage capabilities to agents for on-scene digital evidence collection and analysis.

It's a known issue that many agencies and departments are facing worldwide; how to fight and reduce backlog to stay up to date on cases so that they don't get stale. It's a serious issue, but we at ADF can show you a few ways to fight in-house forensic backlog with digital forensic triage.

Nearly 1,000 homicide investigators from across California gathered this week at the 51st annual California Homicide Investigator (CHIA) Conference in Las Vegas, Nevada. The 3-day training event, sponsored by ADF, featured case presentations and investigator training from leading prosecutors and investigators. 

ADF computer triage has long been admired for some of the best digital forensic triage capabilities on the market. Since 2006, ADF digital forensic experts have been building triage tools to empower investigators to quickly collect evidence and on-scene intelligence from computers and digital devices.

Looking to add key words on-scene? ADF has you covered. In this how-to video, investigators and analysts will learn how to add keywords directly from the Collection Key. As a digital evidence investigator, ADF provides the ability to create a collection key with or without Search Profiles and add keywords just before the start of a scan.

Our digital forensic specialist knows that as someone who used to go out and execute search warrants and conduct knock and talks, the ability to overcome and adapt on-scene is vital to a successful outcome. In this how-to video, Rich explains how to create a Collection Key without Search Profiles and how to add keywords prior to starting a scan from the Collection Key. 

This blog post will feature our Settings page, and tips and tricks to understanding it. The first thing users will notice on the settings page is the Backed-Up Licenses. This displays all licenses that have been backed up on this computer. When selecting a license it will display all the information pertaining to that license and also enable users to delete the license from the backed up licenses folder. Additionally, the information here can be used when making a support call or using the support portal.

Our newest How-To video will cover how to image from either the Desktop tool or the USB device (Collection Key) on a Boot and Live Scan. 

When using ADF tools to collect files, either by File Properties, Hashes, or Keywords, ADF tools provide  three methods for file identification:

With ADF digital forensic software tools, it's possible to scan multiple devices simultaneously and have them as part of one scan. However, there are some items we need to keep in mind when preparing to scan multiple devices.

When your case is complete and it comes time to archive your case,  the best method is to archive with the Stand Alone Viewer, located within reporting.

Software updates are something we look forward to, and when we receive that new download from our go-to tool, it makes the day even more special.  When it comes time to upgrade or re-install ADF software, as a user, you do not want your data to be lost after either the software upgrade or when selecting a new Search Profile folder.

When you first start the ADF application you will notice the tool will look to see if any new data needs to be merged or migrated.

With the ever-increasing amount of digital photo evidence, it's nearly impossible for investigators to quickly review photo evidence in a timely manner. Enter ADF Photo Probability for on-scene triage and digital investigations; one of the ways that ADF helps reduce the "noise" in a case and helps you get to the evidence faster.

The 2020 Northwest Regional ICAC Conference, has been announced for October 5-9, 2020. The conference is a multi-state, multi-disciplinary Internet Crimes Against Children event which provides training to prosecutors, digital forensic examiners, sheriffs, police investigators and ICAC Task Force members.  

ADF digital forensic software comes with approximately a dozen out-of-the-box default search profiles designed to make it quick and easy for non-technical field investigators to quickly search for digital evidence. 

In this short How To video, you'll learn how to import and export an ADF digital forensic Search Profile. This allows investigators to create a Custom Search Profile on one computer and export it so that it is available to be imported into another installation on another computer so forensic examiners or senior investigators can create and share profiles with:

October 2019 kicks off with the 5th Annual Northwest Regional ICAC Conference, a multi-state, multi-disciplinary event designed to provide lecture and lab training to prosecutors, digital forensic lab examiners, and law enforcement investigators focused on the investigation and prosecution of technology and Internet facilitated crimes against children. 

In this short How To video, digital forensic specialist Rich Frawley, will show you how to collect and share digital evidence files with prosecutors and third parties using ADF Software. This video is ideal for learning how to share evidence with prosecutors for review. 

In this short 4-minute digital forensic "How To" video, ADF forensic specialist, Rich Frawley, shows you how to conduct a boot scan of a MacBook Air with APFS & FileVault2 enabled.

Digital Evidence Investigator is built for front-line field investigators and lab examiners who need to do digital forensic investigations on Mac, Linux, or Windows. Combined with Mobile Device Investigator, Digital Evidence Investigator PRO gives you all the best computer forensic capabilities along with iOS and Android mobile forensics in a single affordable forensic tool. 

In this short video ADF's Digital Forensic Specialist, Rich Frawley, demonstrates the installation process for DEI and DEI PRO, on an offline computer that does not have Internet access. You can refer to our Technical Specifications for minimum requirements and supported Operating Systems.

Digital Evidence Investigator is built for front-line field investigators and lab examiners who need to do digital forensic investigations on Mac, Linux, or Windows. Combined with Mobile Device Investigator, Digital Evidence Investigator PRO gives you all the best computer forensic capabilities along with iOS and Android mobile forensics in a single affordable forensic tool. 

In this short video ADF's Digital Forensic Specialist, Rich Frawley, demonstrates the installation process for DEI and DEI PRO, on a computer that has Internet access. You can refer to our Technical Specifications for minimum requirements and supported Operating Systems.

Fast investigations require rapid access to evidence. ADF software enables investigators to quickly view the links of artifacts captured from a target device so you can easily understand a user's activities. 

In this short 5 minute video, you'll learn how to filter digital forensic scan results in ADF software. Filtering is available in any table while analyzing any of your scan results. In this how-to video, we'll look at:

Investigators can leverage ADF digital forensic software on the front-line to investigate and prosecute child exploitation cases

Front line investigators and digital forensic examiners are encountering an ever increasing number of images in almost every investigation they perform. This exponential growth in the volume of images can challenge investigators searching for illicit online activity, Child Sexual Abuse Material (CSAM), extremist propaganda, or other types of image content. 

In this short video, ADF digital forensic specialist, Rich Frawley, demonstrates ADF's digital forensic image recognition and classification capabilities. 

ADF digital forensic tools come with out-of-the-box Search Profiles. In this short video, you'll learn how to use Digital Evidence Investigator PRO to demonstrate how to create a search profile.

Technology has become more powerful and portable, allowing a more significant amount of information to be created, stored, and accessed. This shift in the information technology landscape (mobile, cloud, IoT, etc.) has made the collection and analysis of digital evidence a critical factor in investigating and solving virtually all types of crimes. 

There are serious Internet related crimes, that need to be investigated quickly, child exploitation related offenses for instance. For example, in the United Kingdom, the National Crime Agency recently estimated that about 140,000 out of nearly 3 million registered dark web accounts registered on child abuse sites are UK-based.

When making decisions on scene it is critically important for an investigator to scan and analyze the Operating System Drive or Partition, or what is commonly referred to as the C:\ drive. ADF digital forensic software tools give investigators out-of-the-box Search Profiles designed to quickly scan and analyze OS partitions with targeted paths that would not be present on a non OS partition.

If you come across a non OS drive or partition, a storage partition, or external storage drive, instead of using the built-in Comprehensive Search Profiles, you can create a Custom Search Profile for non operating system drives using Digital Evidence Investigator^®. 

The 2019 Techno Security & Digital Forensics Conference in Myrtle Beach, South Carolina will take place June 2-5 at the Marriott Resort & Spa at Grande Dunes.  Attendees will have the ability to receive Continuing Professional Education Credits (CPE) depending on their organization. 

Nearly 1,000 attendees are expected to attend with more than 100 sessions by about as many speakers.  We recommend you select the full conference pass which gives you access to the keynote address, all sessions, the exhibit hall (50+ exhibitors) and networking receptions, breakfast and refreshment breaks on Monday, Tuesday and Wednesday as well as lunch on Monday and Tuesday.  

With a record number of attendees, speakers and exhibitors, the 2019 National Cyber Crime Conference organized by Massachusetts Attorney General Maura Healey's office this past week was a huge success with law enforcement professionals from 38 states, Canada, the UK and Africa. 

The NCCC event was especially important to ADF since it's our first major conference of the year and it's where we officially launched our new Mobile Device Investigator™ for iOS and Android investigations.  Our launch featured a demo by our digital forensic specialist, Rich Frawley who joined ADF after 22 years in law enforcement. 

Digital Evidence Investigator^® gives investigators the ability to customize Search Profiles and determine exactly what and where you want to look for digital evidence. This is especially convenient when looking to tailor a search for a forensic triage type scan or a targeted collection. This is accomplished by using the Targeted Folders Option when creating a custom file capture.

ADF Solutions’ New Software Delivers Forensic Capabilities to Police and Investigators

Bethesda, Maryland: ADF Solutions, the leading provider of automated forensic software for investigators and lab examiners, today announced the release of Mobile Device Investigator® the newest forensic software to investigate iOS and Android devices.  Qualified professionals can request a free trial of Mobile Device Investigator™ at www.tryadf.com.

When conducting an investigation, it is important to be flexible and follow the direction of your investigation with as few obstacles as possible. If your examination brings you a new file type, such as a video generated by a hand held camera, or a proprietary file created by a unique software, you want to be able to search for, or collect these files types right away either on-scene or back in the lab.

ADF offers the best digital forensic solution for getting relevant data from an Apple Mac laptop or desktop running APFS since it is easy to use and offers investigators a quick and easy way to collect and analyze evidence.  In this short 3-minute video, ADF's digital forensic specialist, Rich Frawley shows how to boot a MacBook Air (APFS, non-encrypted) with Digital Evidence Investigator.

When conducting digital forensic investigations that involve live (up and running) computers, it is imperative to collect volatile memory so that all your bases covered and so that no vital evidence is lost.  A live analysis conducted in the correct manner will yield the results you are looking for in your investigation.  It has become commonplace and an accepted practice to collect data from a live computer, especially in cases of child exploitation. ADF software makes it easy for detectives and investigators to perform a RAM capture in the proper manner with as little intrusion as possible.

As a forensic investigator, there will come a time when you will come across the occasional computer that is difficult to get to the HDD and it may be encrypted by default, such as the Microsoft Surface Pro. In this short video, you'll learn how to easily conduct a boot scan of a Microsoft Surface Pro with Bitlocker activated.

Of all the investigations that a law enforcement agency may undertake, there may be none as difficult to deal with as crimes perpetrated against minors. The proliferation of online child exploitation material continues to be an issue worldwide, from child pornography to the facilitation of human trafficking. Luckily, investigators are not having to combat this problem alone thanks to industry solutions like those provided by ADF Solutions and the organizations below.  

Whether you are preparing to go on-scene or you are in your digital forensic lab getting ready to perform triage or one or more digital forensic scans, this video tutorial will show you how you can easily create a keyword capture and add keywords to a Search Profile.  We begin from when you have started to create a Custom Search Profile and want to add your own unique keywords.

ADF software lets investigators and examiners search for files by keyword(s) using substrings or regular expressions.  ADF software allows you to search for keywords in all file and folder names, file content and metadata, and artifact records from other captures.

ADF digital forensic software including Digital Evidence Investigator^® (DEI) and Triage-Investigator^® come with out-of-the-box default Search Profiles. In this short video tutorial, we use Digital Evidence Investigator to demonstrate "What is a Search Profile?".

In DEI the Search Profiles are maintained in the Setup Scans Menu option. The Search Profile, when run, will collect the information selected within the Search Profile. Search Profiles will run from the desktop application or from the collection key on a Live or Boot scan.

Learn how to conduct a Windows live scan with ADF Solutions Digital Evidence Investigator.  Two USB ports are required to complete a scan, one for the Collection Key and one for the Authentication Key, once the scan has started the Authentication Key can be removed. A USB hub may be used in cases where the target computer only has one USB port. 

When running a live scan from a Collection Key it is possible to create a RAM dump of the computer. RAM dumps can then be analyzed with appropriate software (e.g. Volatility). 

When you're faced with a mountain of digital evidence, how do you start sifting through it? For law enforcement, litigation support, and incident response agencies organizing and prioritizing digital media and electronically stored information (ESI) is crucial.

Adopting an Early Case Assessment (ECA) methodology helps expedite and improve overall case efficiency and productivity; reducing backlogs and increasing turnaround times.

With the ever increasing demand for law enforcement to learn how to treat digital evidence and the growing demand for qualified digital forensic analysts, forensic examiners, and corporate investigators, it's important to find the best digital forensic training. 

We like training taught by instructors with deep experience in digital forensics, and preferably by instructors that have years of relevant law enforcement experience.  

That's why we recommend ADF Digital First Responder^® training, taught by digital forensic experts that spent years in law enforcement investigation. The 8-16 hour training includes online self-paced learning for the following digital forensic tools: 

• Mobile Device Investigator
• Digital Evidence Investigator
• Triage Investigator
• Triage-G2 with the Rosoka Add-on 

In addition to vendor specific training, there are plenty of options from law enforcement and digital forensic experts. One of the best sources for Digital Forensic Training is often at digital forensic conferences, which are now increasingly available online as virtual events with live and recorded training. 

See our list of the Best 2021 Digital Forensic Conferences.

The best tools for rapid digital forensic investigations just got better with ADF's release of new software versions to support the collection of artifacts with Mac OS Mojave Forensics and MacOS High Sierra as well as from Windows. 

ADF's New Forensic Software Empowers Investigators and Prosecutors

ADF Solutions, the leading provider of automated forensic software for investigators and lab examiners, announced today the release of new software versions 1.4 for Digital Evidence Investigator^Ⓡ, and versions 4.4 for Triage-Investigator^Ⓡ, and Triage-G2^Ⓡ software.  

"We are very excited to be the first digital forensic software to parse macOS Mojave log files natively under Windows strengthening our macOS support", stated Raphael Bousquet, CTO, and co-founder of ADF Solutions. "In our world of fast and efficient forensic analysis, we strive to reduce data noise for the investigator. The addition of picture and video classification is a great step in the right direction!"

A precise timeline view links user activities with pictures, videos, and files of interest so investigators can quickly build a digital forensic report to share with prosecutors or other investigators.  The new version leverages enhanced automation and enables investigators to run in-depth digital forensics scans quickly.  The highlights of this new release for the investigative and forensic community include:

October 26, 2018 is the inaugural National Financial Crime Fighter Day created by Banker's Toolbox as a way to honor and celebrate the critically important work done by financial crime fighters and professionals who work every day to protect our financial system. 

What's the fastest, easiest way to perform RAM Dump? While there are many tools and techniques available to examiners for recovering data from volatile memory, ADF Digital Evidence Investigator^®, Triage-Investigator^®, and Triage-G2^® are fast and easy. 

A simple 2-step process lets even the most non-technical field investigators or highly trained digital forensic examiners quickly perform a RAM capture when running a live scan on the computer from a collection key: 

1. Click "Create RAM Dump" from the main menu
2. The RAM Dump will be saved to the collection key as a .bin file and then zipped

This October kicks off with the fourth annual Northwest Regional ICAC Conference, a multi-state, multi-disciplinary event designed to provide lecture and lab training to prosecutors, digital forensic examiners, and law enforcement investigators focused on the investigation and prosecution of technology facilitated crimes against children. 

A criminal forensic lab located in one of the largest U.S. Federal agencies was working on an extensive child exploitation case and had seized 37 total hard drives that contained over 38 terabytes of data. The case was high profile and the forensic team had a short window of time to examine the contents of the confiscated drives. Technical resources were limited and imaging drives and conducting traditional forensic examinations would be very time consuming. With the amount of data that needed to be searched, the investigators realized that it could potentially be weeks before the examinations were complete and the case could move forward. In addition the case would require significant disk storage space to hold all of the images.

ADF Authorized Partner, CBIT Digital Forensics Services, based in Australia will be hosting J.J. Wallia, C.E.O and co-founder of ADF Solutions, for a presentation on the latest version of Digital Evidence Investigator^® – plus a free half-day training session with Certified ADF Instructor Zoran Iliev using ADF Solutions to accelerate Digital Forensic investigations.

Join ADF Digital Forensic Specialist, Rich Frawley as he presents "On-Scene Digital Investigation Best Practices: From Search Warrant to Court Ready Paperwork" at the Techno Security & Digital Forensics conference in San Antonio, Texas.  The Techno event is a follow up to the top rated Techno Security & Digital Forensics Myrtle Beach event earlier this year where ADF was a Gold Sponsor.  

Rich Frawley, ADF Digital Forensic Specialist will be presenting "On-Scene Digital Investigation Best Practices: From Search Warrant to Court Ready Paperwork" at the Federal Law Enforcement Training Center in Glynco, Georgia this week.  

With eleven (11) out-of-the-box Search Profiles inside Digital Evidence Investigator^® (DEI), the ADF Digital Forensic team has created software that enables investigators and forensic examiners to obtain the digital evidence needed in a wide variety of evidence collection situations. 

This week, hundreds of cyber security and digital forensic experts gathered in Myrtle Beach, South Carolina to participate in the Techno Security and Digital Forensics Conference. The event hosted at the Marriott Resort & Spa at Grande Dunes offered attendees the ability to receive Continuing Professional Education Credits (CPE) depending on their organization. 

ADF was delighted to sponsor certified forensic examiner training focused on Basic Computer Forensic Examiner (BCFE) training held by the International Association of Computer Investigative Specialists (IACIS) in Orlando, Florida.  The event attracted hundreds of corporate security, university and law enforcement officers from around the United States, as well as various officials from the Department of Defense and federal agencies.

A long, long time ago in a galaxy far far away
(2006 to be exact and the galaxy was Maryland USA)
It was a period of innovation.
Computers, USBs, all kinds of devices ... 
Some people were committing digital crimes
from their seemingly hidden bases in the digital world. 

Digital forensic experts understand the importance of remembering to perform a RAM Capture on-scene so as to not leave valuable evidence behind. Capturing volatile data in a computer's memory dump enables investigators and examiners to do a full memory analysis and access data including:

There are many cases where time is critical in a police investigation. This is increasingly true in a world where digital evidence can be an essential element in capturing a suspect or solving a crime. Digital data can implicate or clear suspects and utilizing digital evidence to your investigative advantage can allow you to act quickly while on-scene.

Starting digital investigations while at the scene has become increasingly important in fluid crime situations such as terrorism threats, active shooter situations, gang activity or sex trafficking. Field digital forensic investigations (a.k.a. field triage) can also be useful in CyberTip investigations or any crime where a digital device may have photos, video, audio, or other data that could be useful in identifying suspects, victims or protecting evidence.

Today, ADF is announcing the release of new digital forensic software versions for our products: 

• Digital Evidence InvestigatorⓇ (DEI) version 1.3.0 
• Triage-InvestigatorⓇ version 4.3.0
• Triage-G2Ⓡ version 4.3.0

"In summary, I would say DEI is one of the more intuitive tools I've used, because it guides you through your investigation step by step and could easily be used without much training" ...Read the full 2018 Forensic Focus Review of ADF's Digital Evidence Investigator tool.