Triage-g2

Digital forensics has become an increasingly important tool for the military in combating cyber threats.

As early as 1984, the FBI Laboratory and other law enforcement agencies began developing programs to examine computer evidence [1]. Since the publication of ISO 17025 by the Scientific Working Group on Digital Evidence (SWGDE) which was centered around the best practices for computer forensics, standards and guidelines were established to help computer forensics investigators. It became clear that the proper computer forensic software needed to be produced to allow for the collection of data but also function with changing technology in our modern era. The right computer forensic software should allow for each stage of digital evidence collection to be completed successfully. Investigation's reliability is predominantly determined by the validity and correctness of computer forensic software tools and their application process [2]. This post will focus on computer forensic software tools and how they can be beneficial in the process of digital evidence collection. 

A long, long time ago in a galaxy far far away
(2006 to be exact and the galaxy was Maryland USA)
It was a period of innovation.
Computers, USBs, all kinds of devices ... 
Some people were committing digital crimes
from their seemingly hidden bases in the digital world. 

Cryptocurrency has expanded in use since it was created in 2009. The idea of creating a decentralized currency to avoid the regulation of banks and governments created a new avenue not only for criminals but also for terrorist organizations. Terrorists such as jihadists around the world have been trading crypto coins to purchase weapons and drugs to continue their attacks on innocent civilians.

ADF's Quick-Saved Credentials profile is a powerful profile that extracts the usernames and passwords from Web Browsers and is built so it will not trigger antivirus applications when attempting to collect web credentials. This makes the investigator's job easier on-scene, requires less interaction with the device, and allows for more records to be parsed thereby giving the computer forensic investigator the ability to quickly collect critical information for their investigation.

Learn how to use the ADF Quick Saved Credentials Profile to uncover Web credentials in this short 2-minute video tutorial. Collecting saved credentials quickly gives access to accounts that may have been previously unknown and allows investigators to do preservation orders and search warrants. 

ADF tools have the ability to scan all available Mac computers (M1 and T2 chips) with all types of encryption and virtual drives by running a remote agent that communicates with the desktop application. 

Welcome! You have a requirement or need and decided to evaluate one of the ADF products for your computer forensic, mobile forensic, or triage workflows. You have observed the videos and have most likely been through a demonstration or two and have a better understanding of the functionality you are looking for. We here at ADF Solutions want to make sure you get the most out of your evaluation, and that starts with a smooth transition to the evaluation phase.

During a criminal investigation, prioritizing the evidence is paramount to your success as an investigator. Filtering what is critical to the case and what isn't is the difference between the success and failure of an investigation. 

Forensic triage - sometimes referred to as "digital forensic triage" - is the process by which you collect, assemble, analyze, and prioritize digital evidence from a crime or investigation.

Within ADF software and forensic triage products, including Digital Evidence Investigator, Triage-Investigator, or Triage-G2, an investigator can quickly find Dark Web traces. This can be done in Quick Profiles but in this video, Rich Frawley shows how to use an Intermediate Profile to triage a suspect machine to identify Dark Web traces. These can be found in ADF's Anti-Forensic Traces Capture. 

The Encrypt backup feature in iTunes locks and encodes your information. In this short How To video, Director of Training, Rich Frawley shows investigators how to remove the known iTunes backup password, if required.

Investigators can now scan all available Mac computers (including macs with T2 or M1 chips) with all types of encryption and virtual drives by running a remote agent that communicates with the desktop application. Now you can perform digital forensic triage on all Macs including

• macOS T2 chip
• macOS M1 chip
• Mac Fusion Drive

Crimes against children investigations can lead CSAM investigators to have to review thousands or even tens of thousands of images. Investigators need tools to help them find relevant evidence quickly. 

Regular Expressions - (also known as "regex") are special strings representing a pattern to be matched in a search operation and they can be particularly useful in mobile and computer forensics investigations. 

One of the ways we allow investigators to find and focus on relevant evidence is by allowing investigators to customize and bring in a unique set of keywords using a substring or with regular expressions. ADF forensic tools also implement regular expression keywords in our trace captures and keyword lists. So why are Regular Expressions different from using regular keywords?

ADF digital forensic software is known for rapid file and artifact collection but we're also widely respected for our seamless user interface. No matter whether you are using Mobile Device Investigator, Triage-Investigator, Triage-G2, Digital Evidence Investigator or our PRO tools, ADF tools are designed to make it easy for investigators to quickly determine what to scan and how to scan it. 

Getting ready to work off site, out of the lab, out of your office, and in someone else's domain is never an easy task. Whether it's a search warrant, in a client's office, suspect's residence, or some other off-site location, being prepared is the key to your success as a digital forensic investigator.

Intelligence gathering is a discipline that's on a different playing field than your typical law enforcement search warrant or forensic triage examination. ADF's Triage-G2 and Triage-G2 PRO enable military field operatives to rapidly collect and exploit captured equipment, media and documents in theaters of operation around the world and reduce time on target for:

Are you ready for a big one? Anticipating what your evidence collection needs will be while you are on-scene includes trying to ascertain how many electronic devices you will encounter. ADF makes it easy for you to be prepared. 

Anyone who is charged with a "knock and talk" or executing a search warrant knows that the ability to overcome and adapt on-scene is vital to a successful outcome. This is what drove ADF to empower investigators to be able to create a digital evidence Collect

ion Key (CKY). 

Learn how to easily remove CSAM images and other properties from view

One of the most important factors in a child exploitation investigation, is having the ability to show a report to a colleague, co-worker, prosecutor, or present to present your findings in court without re-victimizing the subject of the photo, or shocking the sense of the viewer of the report. Having a professional report that still reflects the properties that need to be presented is essential to your case.

Tactical site exploitation requirements cover a wide range of objectives, goals, and users. This includes digital forensics, rapid assessment (or triage) of digital data and devices, collection of data on devices to bagging and tagging of devices. Users range from non-technical operators to technically trained forensic examiners. The most common devices that operators encounter today are mobile computing devices, mainly iOS and Android phones and tablets. 

Document and Media Exploitation (DOMEX) requirements cover a wide range of objectives, goals, and users. This includes digital forensics, rapid assessment (or forensic triage) of digital data and devices, collection of data on devices to bagging and tagging of devices.  

Military forward operators can benefit from text analysis and translation

ADF Solutions, the leading provider of sensitive site exploitation software, now includes the ability for military forward operators to leverage the power of text analysis to speed their investigations of structured and unstructured data in over 200 languages. 

Empowering front-line military operators and intelligence agents. 

When you find yourself looking for something to watch this season, you may find yourself scrolling through Netflix, Disney+ or Amazon Prime Video to find something to watch. Choosing what to watch while you relax in front of the TV or your computer can cause you to tense up before you’re able to settle back in. 

Looking to add key words on-scene? ADF has you covered. In this how-to video, investigators and analysts will learn how to add keywords directly from the Collection Key. As a digital evidence investigator, ADF provides the ability to create a collection key with or without Search Profiles and add keywords just before the start of a scan.

Our digital forensic specialist knows that as someone who used to go out and execute search warrants and conduct knock and talks, the ability to overcome and adapt on-scene is vital to a successful outcome. In this how-to video, Rich explains how to create a Collection Key without Search Profiles and how to add keywords prior to starting a scan from the Collection Key. 

This blog post will feature our Settings page, and tips and tricks to understanding it. The first thing users will notice on the settings page is the Backed-Up Licenses. This displays all licenses that have been backed up on this computer. When selecting a license it will display all the information pertaining to that license and also enable users to delete the license from the backed up licenses folder. Additionally, the information here can be used when making a support call or using the support portal.

When using ADF tools to collect files, either by File Properties, Hashes, or Keywords, ADF tools provide  three methods for file identification:

With ADF digital forensic software tools, it's possible to scan multiple devices simultaneously and have them as part of one scan. However, there are some items we need to keep in mind when preparing to scan multiple devices.

Once you have completed your investigation and need to archive your case, the most efficient method is to use the Stand Alone Viewer, which can be found within the reporting module. This viewer provides an all-in-one solution that includes a self-contained folder with a standalone application that gives you the ability to view the results. It is independent of the ADF suite of tools and does not require a license to use. By using the Stand Alone Viewer, you can be sure that all tags, comments, filters, and sorting will be included in the output. Please note that it is not possible to run the Stand Alone Viewer from read-only storage devices such as CDs or DVDs.

ADF digital forensic software comes with approximately a dozen out-of-the-box default search profiles designed to make it quick and easy for non-technical field investigators to quickly search for digital evidence. 

In this short How To video, digital forensic specialist Rich Frawley, will show you how to collect and share digital evidence files with prosecutors and third parties using ADF Software. This video is ideal for learning how to share evidence with prosecutors for review. 

Fast investigations require rapid access to evidence. ADF software enables investigators to quickly view the links of artifacts captured from a target device so you can easily understand a user's activities. 

In this short 5 minute video, you'll learn how to filter digital forensic scan results in ADF software. Filtering is available in any table while analyzing any of your scan results. In this how-to video, we'll look at:

Investigate on-scene with a single license for smartphones, tablets, and computers 

In this short How To video we are going to explore the Text Analytics capabilities built into ADF’s digital forensic software with the integration of Rosoka. ADF is bringing the power of Rosoka for automated entity extraction and language identification with gisting, through a tightly integrated user experience in the Rosoka Add-on. 

ADF & Rosoka Bring the Power of Entity Extraction and Multi-Lingual Translation to the Front-Line in Triage-G2^Ⓡ

Bethesda, Maryland: ADF Solutions, the leading provider of automated forensic software for investigators and lab examiners, today announced the ability for on-scene and lab investigators to leverage the power of Rosoka to speed their investigations of structured and unstructured data in over 200 languages. 

Rosoka text analytics brings the power of automated multilingual entity extraction directly into ADF digital forensics software through a tightly integrated user experience. Rosoka text analytics runs locally on the investigator’s computer, processing documents in over 200 languages to identify entities, and locations in unstructured documents. Learn more about the partnership at www.adfsolutions.com/partner/rosoka

Front line investigators and digital forensic examiners are encountering an ever increasing number of images in almost every investigation they perform. This exponential growth in the volume of images can challenge investigators searching for illicit online activity, Child Sexual Abuse Material (CSAM), extremist propaganda, or other types of image content. 

In this short video, ADF digital forensic specialist, Rich Frawley, demonstrates ADF's digital forensic image recognition and classification capabilities. 

Digital Evidence Investigator^® gives investigators the ability to customize Search Profiles and determine exactly what and where you want to look for digital evidence. This is especially convenient when looking to tailor a search for a forensic triage type scan or a targeted collection. This is accomplished by using the Targeted Folders Option when creating a custom file capture.

ADF Solutions’ New Software Delivers Forensic Capabilities to Police and Investigators

Bethesda, Maryland: ADF Solutions, the leading provider of automated forensic software for investigators and lab examiners, today announced the release of Mobile Device Investigator® the newest forensic software to investigate iOS and Android devices.  Qualified professionals can request a free trial of Mobile Device Investigator™ at www.tryadf.com.

When conducting an investigation, it is important to be flexible and follow the direction of your investigation with as few obstacles as possible. If your examination brings you a new file type, such as a video generated by a hand held camera, or a proprietary file created by a unique software, you want to be able to search for, or collect these files types right away either on-scene or back in the lab.

ADF offers the best digital forensic solution for getting relevant data from an Apple Mac laptop or desktop running APFS since it is easy to use and offers investigators a quick and easy way to collect and analyze evidence.  In this short 3-minute video, ADF's digital forensic specialist, Rich Frawley shows how to boot a MacBook Air (APFS, non-encrypted) with Digital Evidence Investigator.

Whether you are preparing to go on-scene or you are in your digital forensic lab getting ready to perform triage or one or more digital forensic scans, this video tutorial will show you how you can easily create a keyword capture and add keywords to a Search Profile.  We begin from when you have started to create a Custom Search Profile and want to add your own unique keywords.

ADF software lets investigators and examiners search for files by keyword(s) using substrings or regular expressions.  ADF software allows you to search for keywords in all file and folder names, file content and metadata, and artifact records from other captures.

Sensitive Site Exploitation refers to techniques used by military and intelligence officers to collect and exploit captured equipment, media and documents in theaters of operation around the world.  The process of exploiting sensitive or tactical sites to gather intelligence from targets for counter terrorism, force protection, or other national security needs is performed by forward operators using exploitation kits that can: 

Military and intelligence officers process an ever-increasing amount of data from which they need to gather actionable intelligence. This data comes from a variety of devices seized in combat operations or during an investigation.  

Document and Media Exploitation (DOMEX) is the "collection and exploitation of captured equipment, documents, and media to generate actionable intelligence." DOMEX analysis helps officers, special forces, and field operatives on the front lines complete a holistic picture of the intelligence available to them at the time. 

One of the reasons that investigators choose ADF software as their primary triage tool is because it can be used standalone or in conjunction with traditional forensic software.  Forensic Triage is ideal for front-line investigators because it's fast, easy-to-use, and can net results in situations where time matters. Deployed in a forensic lab, triage software can reduce forensic backlogs and allow forensic examiners to prioritize deep dive forensic investigations.

The term triage naturally brings to mind a medical emergency where you need to get in quickly, assess the damage and deal with the most serious problems first. Digital forensic triage has the same application but it's applied to a crime scene or investigation which involves computers or other digital media. Standard forensic methods normally take place in a forensic lab where a trained forensic examiner would perform a complete examination. Digital triage is a front line step in saving time and reaching satisfactory results faster.

ADF triage performance is fast -- built to be under two minutes for certain scans. Digital forensic triage speed and performance can vary based on a number of factors including the triage software you are using, the search criteria you choose, the suspect hardware configuration, and how much you know about what you are looking to understand in your investigation.

The best tools for rapid Mac forensics investigations just got better with ADF's release of new software versions to support the collection of artifacts with Mac OS Mojave Forensics and MacOS High Sierra as well as from Windows. 

ADF's New Forensic Software Empowers Investigators and Prosecutors

ADF Solutions, the leading provider of automated forensic software for investigators and lab examiners, announced today the release of new software versions 1.4 for Digital Evidence Investigator^Ⓡ, and versions 4.4 for Triage-Investigator^Ⓡ, and Triage-G2^Ⓡ software.  

"We are very excited to be the first digital forensic software to parse macOS Mojave log files natively under Windows strengthening our macOS support", stated Raphael Bousquet, CTO, and co-founder of ADF Solutions. "In our world of fast and efficient forensic analysis, we strive to reduce data noise for the investigator. The addition of picture and video classification is a great step in the right direction!"

A precise timeline view links user activities with pictures, videos, and files of interest so investigators can quickly build a digital forensic report to share with prosecutors or other investigators.  The new version leverages enhanced automation and enables investigators to run in-depth digital forensics scans quickly.  The highlights of this new release for the investigative and forensic community include:

What's the fastest, easiest way to perform RAM Dump? While there are many tools and techniques available to examiners for recovering data from volatile memory, ADF Digital Evidence Investigator^®, Triage-Investigator^®, and Triage-G2^® are fast and easy. 

A simple 2-step process lets even the most non-technical field investigators or highly trained digital forensic examiners quickly perform a RAM capture when running a live scan on the computer from a collection key: 

1. Click "Create RAM Dump" from the main menu
2. The RAM Dump will be saved to the collection key as a .bin file and then zipped

Digital forensic experts understand the importance of remembering to perform a RAM Capture on-scene so as to not leave valuable evidence behind. Capturing volatile data in a computer's memory dump enables investigators and examiners to do a full memory analysis and access data including:

Today, ADF is announcing the release of new digital forensic software versions for our products: 

• Digital Evidence InvestigatorⓇ (DEI) version 1.3.0 
• Triage-InvestigatorⓇ version 4.3.0
• Triage-G2Ⓡ version 4.3.0

ADF Solutions, a leading provider of digital forensic and media exploitation software, has released Triage-G2, the latest evolution of ADF's award-winning media exploitation tool. Triage-G2 is deployed by special forces, military and intelligence agencies worldwide and has a proven track record of supporting site exploitation missions, including Tactical Media Exploitation, DOMEX, MEDEX, and biometric identity operations.

Designed for nontechnical operators, Triage-G2 employs a simple two-step process to rapidly scan, extract, and analyze critical intelligence from computers and digital devices. The tool can be deployed on existing computing devices and on a small portable USB key. The collected data can then be easily distributed via portable reports or ingested into data repositories, which include Processing, Exploitation, and Dissemination Systems (PED).