In this 3-minute "How To" video, you'll learn the benefits of having a digital forensic triage process that works from field to lab. Using ADF digital forensic tools, examiners can prepare field investigators to find digital evidence and intelligence on mobile phones, tablets, computers, and storage devices starting on-scene.
macOS Forensics: Live Scan Macs with T2 or M1 chips
May 18, 2021
Investigators can now scan all available Mac computers (including macs with T2 or M1 chips) with all types of encryption and virtual drives by running a remote agent that communicates with the desktop application. Now you can perform digital forensic triage on all Macs including
- macOS T2 chip
- macOS M1 chip
- Mac Fusion Drive
What is RAM Capture and Why does it Matter?
March 19, 2020
RAM, short for Random Access Memory, is physical hardware that temporarily stores data for quick read and write access. Think of RAM as a scratch pad you use while working; although all the information you need and may refer to is stored in a binder (in this analogy, your hard drive), the information on the scratch pad is what you are using and need right in the moment. With RAM, it is right there for you to access. While RAM helps with the speed and efficiency of the computer, it can all be lost in an instant as it is volatile.
How to Conduct a Live Forensic Scan of a Windows Computer
February 22, 2019
Learn how to conduct a Windows live scan with ADF Solutions Digital Evidence Investigator. Two USB ports are required to complete a scan, one for the Collection Key and one for the Authentication Key, once the scan has started the Authentication Key can be removed. A USB hub may be used in cases where the target computer only has one USB port.
When running a live scan from a Collection Key it is possible to create a RAM dump of the computer. RAM dumps can then be analyzed with appropriate software (e.g. Volatility).
