Forensic-triage

There are many ways to learn digital forensics. From Certified Training to short How-To videos designed to teach you skills in just a few minutes. One of our favorite forms of learning, however, is our one-hour digital forensic best practices webinars led by our Director of Training, Richard T. Frawley. Rich spent 22 years in law enforcement. Most of that time was as a digital forensic analyst. Here are some of our favorite learning webinars from this year:

Within ADF software and forensic triage products, including Digital Evidence Investigator, Triage-Investigator, or Triage-G2, an investigator can quickly find Dark Web traces. This can be done in Quick Profiles but in this video, Rich Frawley shows how to use an Intermediate Profile to triage a suspect machine to identify Dark Web traces. These can be found in ADF's Anti-Forensic Traces Capture. 

In this 3-minute "How To" video, you'll learn the benefits of having a digital forensic triage process that works from field to lab. Using ADF digital forensic tools, examiners can prepare field investigators to find digital evidence and intelligence on mobile phones, tablets, computers, and storage devices starting on-scene. 

On-scene, it can be impractical for investigators to seize all the digital devices they locate so investigators that are able to triage on-scene only seize devices with relevant data.

Without digital forensic triage, investigators have to collect every device. 

At the scene of any crime or incident it is important to protect and collect evidence. There are different types of evidence, including physical and digital. ADF Solutions focuses on retrieving digital evidence from devices starting on-scene. 

Digital Forensic Triage is the process of finding digital evidence important for investigations.

Crimes against children investigations can lead CSAM investigators to have to review thousands or even tens of thousands of images. Investigators need tools to help them find relevant evidence quickly. 

ADF Authorized Partner, First Digital & Techno-Law Forensics and the Computer Forensics Institute of Nigeria are hosting the International Digital, Mobile and Computer Forensics Conference & Training Expo as a virtual edition.

The conference, also known as DIGIFOR2020 will be held September 23-25, 2020 and will feature sessions including:

ADF prioritizes digital evidence collection and provides investigators and examiners post-scan options to speed investigations. Post scan options let digital forensic investigators get fast and relevant evidence to make decisions on-scene and in the forensic lab.

Are you ready for a big one? Anticipating what your evidence collection needs will be while you are on-scene includes trying to ascertain how many electronic devices you will encounter. ADF makes it easy for you to be prepared. 

Anyone who is charged with a "knock and talk" or executing a search warrant knows that the ability to overcome and adapt on-scene is vital to a successful outcome. This is what drove ADF to empower investigators to be able to create a digital evidence Collection Key (CKY). 

Two of the biggest factors law enforcement officers face today are how they handle a dangerous situation and how quickly they can that situation. When lives are on the line, one of the major obstacles in resolving that situation is a lack of information.

Document and Media Exploitation (DOMEX) requirements cover a wide range of objectives, goals, and users. This includes digital forensics, rapid assessment (or forensic triage) of digital data and devices, collection of data on devices to bagging and tagging of devices.  

As digital technology becomes more advanced, the potential for its criminal application is magnified. This can result in overwhelming amounts of digital data for law enforcement to inspect in a limited timeframe. Although opportunities to find digital evidence on a perpetrator's or victim's computer may be numerous, the time it takes to search through such vast quantities of data contributes to the issue of growing forensic backlogs. 

What is CEM

In Australian states and territories, CEM refers to “Child Exploitation Material”, otherwise known as child abuse material, child sexual abuse material (CSAM), and child pornography. For digital forensic examiners, telecommunications-based child exploitation includes viewing, copying, downloading, sending, exchanging, soliciting, and making CEM. 

One year ago today, we launched Mobile Device Investigator^Ⓡ (MDI), ADF’s powerful mobile phone forensic software that allows anyone, from seasoned investigators to non-technical team members, to quickly conduct iOS and Android investigations in the field. Using MDI, investigators can acquire evidence fast and return devices to cooperating witnesses on-scene, and triage devices that need to be seized and brought back to the forensic lab. 

Today’s investigators and prosecutors are very familiar with the extreme difficulty in child exploitation cases: getting through your forensic backlog to get to the data in time. Law enforcement officers routinely report that a lack of technology which, combined with stringent time limits, can severely restrict their ability to check devices in a timely manner. ADF understands that digital forensic examinations can be both costly and time-consuming, which hampers investigations into suspects that have downloaded or participated in Child Sexual Abuse Material (CSAM). 

ADF Solutions Introduces Field Investigator™ for Teams

There’s a new way to give digital forensic examiners control of investigations and empower non-technical front-line investigators. Meet Field Investigator™ for Teams, the best way to deploy digital forensic triage capabilities to agents for on-scene digital evidence collection and analysis.

It's a known issue that many agencies and departments are facing worldwide; how to fight and reduce backlog to stay up to date on cases so that they don't get stale. It's a serious issue, but we at ADF can show you a few ways to fight in-house forensic backlog with digital forensic triage.

ADF Solutions Releases New Digital Forensic Software to Power Field Investigations

Triage digital evidence with a single license for smartphones, tablets, and computers

ADF Solutions, the leading provider of automated forensic software for investigators and lab examiners, today announced new software versions for Digital Evidence Investigator^Ⓡ, Triage-Investigator^Ⓡ,  Triage-G2^Ⓡ, and Mobile Device Investigator^Ⓡ software.

ADF Solutions is proud to announce that we have joined forces with Carahsoft, the leading government IT Solutions provider as an authorized reseller of our products.

Triage- the word is normally associated with hospitals, where doctors and nurses prioritize patients’ treatments based on the severity of their condition. The concept has been around since the Napoleonic wars and is responsible for saving innumerable lives ever since.

When making decisions on scene it is critically important for an investigator to scan and analyze the Operating System Drive or Partition, or what is commonly referred to as the C:\ drive. ADF digital forensic software tools give investigators out-of-the-box Search Profiles designed to quickly scan and analyze OS partitions with targeted paths that would not be present on a non OS partition.

If you come across a non OS drive or partition, a storage partition, or external storage drive, instead of using the built-in Comprehensive Search Profiles, you can create a Custom Search Profile for non operating system drives using Digital Evidence Investigator^®. 

ADF offers the best digital forensic solution for getting relevant data from an Apple Mac laptop or desktop running APFS since it is easy to use and offers investigators a quick and easy way to collect and analyze evidence.  In this short 3-minute video, ADF's digital forensic specialist, Rich Frawley shows how to boot a MacBook Air (APFS, non-encrypted) with Digital Evidence Investigator.

As a forensic investigator, there will come a time when you will come across the occasional computer that is difficult to get to the HDD and it may be encrypted by default, such as the Microsoft Surface Pro. In this short video, you'll learn how to easily conduct a boot scan of a Microsoft Surface Pro with Bitlocker activated.

Learn how to conduct a Windows live scan with ADF Solutions Digital Evidence Investigator.  Two USB ports are required to complete a scan, one for the Collection Key and one for the Authentication Key, once the scan has started the Authentication Key can be removed. A USB hub may be used in cases where the target computer only has one USB port. 

When running a live scan from a Collection Key it is possible to create a RAM dump of the computer. RAM dumps can then be analyzed with appropriate software (e.g. Volatility). 

When you're faced with a mountain of digital evidence, how do you start sifting through it? For law enforcement, litigation support, and incident response agencies organizing and prioritizing digital media and electronically stored information (ESI) is crucial.

Adopting an Early Case Assessment (ECA) methodology helps expedite and improve overall case efficiency and productivity; reducing backlogs and increasing turnaround times.

In the early 18th century, triage was used to refer to the action of sorting items according to quality and was taken from the French word trier which means to sort, separate out or cull. 

>> Continue reading or watch the Benefits of Triage webinar recording. 

In 2009, the number of backlogged digital evidence requests in publicly funded forensic crime labs was 1,600. By the end of 2014, that number had risen to 7,800. While that's tiny in comparison to the total number of backlogged evidence requests (over 570,000 in 2014!), every one of those requests is associated with a case that affects real people. This is why we love forensic triage, and why you should too.

Join ADF Solutions for a webinar hosted by the National White Collar Crime Center (NW3C), a nonprofit, membership-affiliated organization comprised of state, local, federal and tribal law enforcement and prosecutorial and regulatory agencies.  

NW3C provided a nationwide support system for law enforcement and regulatory agencies involved in prevention, investigation and prosecution of economic and high-tech crime.  Support is delivered via training in computer forensics, cyber and financial crime investigations and intelligence analysis as well as original research on and analytical technical support for investigating and prosecuting white collar and related crimes. 

January 2019 is National Slavery and Human Trafficking Prevention Month

Human trafficking has been a federal crime in the United States since The Trafficking Victims Protection Act of 2000 was passed into law as a federal statute.  Each year since 2010 has been designated National Slavery and Human Trafficking Prevention Month with January 11th each year being observed as National Human Trafficking Awareness Day. 

Military and intelligence officers process an ever-increasing amount of data from which they need to gather actionable intelligence. This data comes from a variety of devices seized in combat operations or during an investigation.  

Document and Media Exploitation (DOMEX) is the "collection and exploitation of captured equipment, documents, and media to generate actionable intelligence." DOMEX analysis helps officers, special forces, and field operatives on the front lines complete a holistic picture of the intelligence available to them at the time. 

During a criminal investigation, prioritizing the evidence is paramount to your success as an investigator. Filtering what is critical to the case and what isn't is the difference between the success and failure of an investigation. 

Forensic triage - sometimes referred to as "digital forensic triage" - is the process by which you collect, assemble, analyze, and prioritize digital evidence from a crime or investigation.

One of the reasons that investigators choose ADF software as their primary triage tool is because it can be used standalone or in conjunction with traditional forensic software.  Forensic Triage is ideal for front-line investigators because it's fast, easy-to-use, and can net results in situations where time matters. Deployed in a forensic lab, triage software can reduce forensic backlogs and allow forensic examiners to prioritize deep dive forensic investigations.

The term triage naturally brings to mind a medical emergency where you need to get in quickly, assess the damage and deal with the most serious problems first. Digital forensic triage has the same application but it's applied to a crime scene or investigation which involves computers or other digital media. Standard forensic methods normally take place in a forensic lab where a trained forensic examiner would perform a complete examination. Digital triage is a front line step in saving time and reaching satisfactory results faster.

ADF triage performance is fast -- built to be under two minutes for certain scans. Digital forensic triage speed and performance can vary based on a number of factors including the triage software you are using, the search criteria you choose, the suspect hardware configuration, and how much you know about what you are looking to understand in your investigation.

The best tools for rapid digital forensic investigations just got better with ADF's release of new software versions to support the collection of artifacts with Mac OS Mojave Forensics and MacOS High Sierra as well as from Windows. 

A criminal forensic lab located in one of the largest U.S. Federal agencies was working on an extensive child exploitation case and had seized 37 total hard drives that contained over 38 terabytes of data. The case was high profile and the forensic team had a short window of time to examine the contents of the confiscated drives. Technical resources were limited and imaging drives and conducting traditional forensic examinations would be very time consuming. With the amount of data that needed to be searched, the investigators realized that it could potentially be weeks before the examinations were complete and the case could move forward. In addition the case would require significant disk storage space to hold all of the images.

Last week, leaders from the military, special operations and industry gathered together in Tampa, Florida for the 2018 Special Operations Forces Industry Conference (SOFIC) and Exhibition.  The event, sponsored by the National Defense Industrial Association (NDIA) emphasized the USSOCOM Commander's vision to "Win - Transform - People" and was joined by international military members from US partner nations.