ADF News

As a forensic investigator, there will come a time when you will come across the occasional computer that is difficult to get to the HDD and it may be encrypted by default, such as the Microsoft Surface Pro. In this short video, you'll learn how to easily conduct a boot scan of a Microsoft Surface Pro with Bitlocker activated.

Learn how to conduct a Windows live scan with ADF Solutions Digital Evidence Investigator.  Two USB ports are required to complete a scan, one for the Collection Key and one for the Authentication Key, once the scan has started the Authentication Key can be removed. A USB hub may be used in cases where the target computer only has one USB port. 

When running a live scan from a Collection Key it is possible to create a RAM dump of the computer. RAM dumps can then be analyzed with appropriate software (e.g. Volatility). 

When you're faced with a mountain of digital evidence, how do you start sifting through it? For law enforcement, litigation support, and incident response agencies organizing and prioritizing digital media and electronically stored information (ESI) is crucial. Adopting an Early Case Assessment (ECA) methodology helps expedite and improve overall case efficiency and productivity; reducing backlogs and increasing turnaround times.

In the early 18th century, triage was used to refer to the action of sorting items according to quality and was taken from the French word trier which means to sort, separate out or cull. 

>> Continue reading or watch the Benefits of Triage webinar recording. 

In 2009, the number of backlogged digital evidence requests in publicly funded forensic crime labs was 1,600. By the end of 2014, that number had risen to 7,800. While that's tiny in comparison to the total number of backlogged evidence requests (over 570,000 in 2014!), every one of those requests is associated with a case that affects real people. This is why we love forensic triage, and why you should too.

Join ADF Solutions for a webinar hosted by the National White Collar Crime Center (NW3C), a nonprofit, membership-affiliated organization comprised of state, local, federal and tribal law enforcement and prosecutorial and regulatory agencies.  

NW3C provided a nationwide support system for law enforcement and regulatory agencies involved in prevention, investigation and prosecution of economic and high-tech crime.  Support is delivered via training in computer forensics, cyber and financial crime investigations and intelligence analysis as well as original research on and analytical technical support for investigating and prosecuting white collar and related crimes. 

The Benefits of Triage: How to Quick Start Your Digital Investigation

January 2019 is National Slavery and Human Trafficking Prevention Month

Human trafficking has been a federal crime in the United States since The Trafficking Victims Protection Act of 2000 was passed into law as a federal statute.  Each year since 2010 has been designated National Slavery and Human Trafficking Prevention Month with January 11th each year being observed as National Human Trafficking Awareness Day. 

Military and intelligence officers process an ever-increasing amount of data from which they need to gather actionable intelligence. This data comes from a variety of devices seized in combat operations or during an investigation.  

Document and Media Exploitation (DOMEX) is the "collection and exploitation of captured equipment, documents, and media to generate actionable intelligence." DOMEX analysis helps officers, special forces, and field operatives on the front lines complete a holistic picture of the intelligence available to them at the time. 

During a criminal investigation, prioritizing the evidence is paramount to your success as an investigator. Filtering what is critical to the case and what isn't is the difference between success and failure of an investigation. 

Forensic triage - sometimes referred to as "digital forensic triage" - is the process by which you collect, assemble, analyze, and prioritize digital evidence from a crime or investigation.

It's difficult to do this in a timely manner when you don't have the proper tools. Depending on the type of investigation, it's a process that can involve sorting through mountains of digital data. 

One of the reasons that investigators choose ADF software as their primary triage tool is because it can be used standalone or in conjunction with traditional forensic software.  Triage is ideal for front-line investigators because it's fast, easy-to-use, and can net results in situations where time matters. Deployed in a forensic lab, triage software can reduce forensic backlogs and allow forensic examiners to prioritize deep dive forensic investigations.

The term triage naturally brings to mind a medical emergency where you need to get in quickly, assess the damage and deal with the most serious problems first. Digital forensic triage has the same application but it's applied to a crime scene or investigation which involves computers or other digital media. Standard forensic methods normally take place in a forensic lab where a trained forensic examiner would perform a complete examination. Digital triage is a front line step in saving time and reaching satisfactory results faster.

ADF triage performance is fast -- built to be under two minutes for certain scans. Digital forensic triage speed and performance can vary based on a number of factors including the triage software you are using, the search criteria you choose, the suspect hardware configuration, and how much you know about what you are looking to understand in your investigation.

The best tools for rapid digital forensic investigations just got better with ADF's release of new software versions to support the collection of artifacts from macOS Mojave, in addition to macOS High Sierra and Windows. 

A criminal forensic lab located in one of the largest U.S. Federal agencies was working on an extensive child exploitation case and had seized 37 total hard drives that contained over 38 terabytes of data. The case was high profile and the forensic team had a short window of time to examine the contents of the confiscated drives. Technical resources were limited and imaging drives and conducting traditional forensic examinations would be very time consuming. With the amount of data that needed to be searched, the investigators realized that it could potentially be weeks before the examinations were complete and the case could move forward. In addition the case would require significant disk storage space to hold all of the images.

Last week, leaders from the military, special operations and industry gathered together in Tampa, Florida for the 2018 Special Operations Forces Industry Conference (SOFIC) and Exhibition.  The event, sponsored by the National Defense Industrial Association (NDIA) emphasized the USSOCOM Commander's vision to "Win - Transform - People" and was joined by international military members from US partner nations.