ADF News

In 2009, the number of backlogged digital evidence requests in publicly funded forensic crime labs was 1,600. By the end of 2014, that number had risen to 7,800. While that's tiny in comparison to the total number of backlogged evidence requests (over 570,000 in 2014!), every one of those requests is associated with a case that affects real people. This is why we love forensic triage, and why you should too.

During a criminal investigation, prioritizing the evidence is paramount to your success as an investigator. Filtering what is critical to the case and what isn't is the difference between success and failure of an investigation. 

Forensic triage - sometimes referred to as "digital forensic triage" - is the process by which you collect, assemble, analyze, and prioritize digital evidence from a crime or investigation.

It's difficult to do this in a timely manner when you don't have the proper tools. Depending on the type of investigation, it's a process that can involve sorting through mountains of digital data. 

One of the reasons that investigators choose ADF software as their primary triage tool is because it can be used standalone or in conjunction with traditional forensic software.  Triage is ideal for front-line investigators because it's fast, easy-to-use, and can net results in situations where time matters. Deployed in a forensic lab, triage software can reduce forensic backlogs and allow forensic examiners to prioritize deep dive forensic investigations.

The term triage naturally brings to mind a medical emergency where you need to get in quickly, assess the damage and deal with the most serious problems first. Digital forensic triage has the same application but it's applied to a crime scene or investigation which involves computers or other digital media. Standard forensic methods normally take place in a forensic lab where a trained forensic examiner would perform a complete examination. Digital triage is a front line step in saving time and reaching satisfactory results faster.

ADF triage performance is fast -- built to be under two minutes for certain scans. Digital forensic triage speed and performance can vary based on a number of factors including the triage software you are using, the search criteria you choose, the suspect hardware configuration, and how much you know about what you are looking to understand in your investigation.

The best tools for rapid digital forensic investigations just got better with ADF's release of new software versions to support the collection of artifacts from macOS Mojave, in addition to macOS High Sierra and Windows. 

ADF's New Forensic Software Empowers Investigators and Prosecutors

ADF Solutions, the leading provider of automated forensic software for investigators and lab examiners, announced today the release of new software versions 1.4 for Digital Evidence Investigator^Ⓡ, and versions 4.4 for Triage-Investigator^Ⓡ, and Triage-G2^Ⓡ software.  

"We are very excited to be the first digital forensic software to parse macOS Mojave log files natively under Windows strengthening our macOS support", stated Raphael Bousquet, CTO, and co-founder of ADF Solutions. "In our world of fast and efficient forensic analysis, we strive to reduce data noise for the investigator. The addition of picture and video classification is a great step in the right direction!"

A precise timeline view links user activities with pictures, videos, and files of interest so investigators can quickly build a digital forensic report to share with prosecutors or other investigators.  The new version leverages enhanced automation and enables investigators to run in-depth digital forensics scans quickly.  The highlights of this new release for the investigative and forensic community include:

While there are many tools and techniques available to examiners for recovering data from volatile memory, ADF Digital Evidence Investigator^®, Triage-Investigator^®, and Triage-G2^® are fast and easy. 

A simple 2-step process lets non-technical investigators and examiners quickly perform a RAM capture when running a live scan on the computer from a collection key: 

1. Click "Create RAM Dump" from the main menu
2. The RAM Dump will be saved to the collection key as a .bin file and then zipped

A criminal forensic lab located in one of the largest U.S. Federal agencies was working on an extensive child exploitation case and had seized 37 total hard drives that contained over 38 terabytes of data. The case was high profile and the forensic team had a short window of time to examine the contents of the confiscated drives. Technical resources were limited and imaging drives and conducting traditional forensic examinations would be very time consuming. With the amount of data that needed to be searched, the investigators realized that it could potentially be weeks before the examinations were complete and the case could move forward. In addition the case would require significant disk storage space to hold all of the images.

Digital forensic experts understand the importance of remembering to perform a RAM Capture on-scene so as to not leave valuable evidence behind.  Capturing volatile data in a computer's memory dump enables investigators and examiners to do a full memory analysis and access data including:

There are many cases where time is critical in a police investigation. This is increasingly true in a world where digital evidence can be an essential element in capturing a suspect or solving a crime. Digital data can implicate or clear suspects and utilizing digital evidence to your investigative advantage can allow you to act quickly while on-scene.

Starting digital investigations while at the scene has become increasingly important in fluid crime situations such as terrorism threats, active shooter situations, gang activity or sex trafficking. Field digital forensic investigations (a.k.a. field triage) can also be useful in CyberTip investigations or any crime where a digital device may have photos, video, audio, or other data that could be useful in identifying suspects, victims or protecting evidence.

Today, ADF is announcing the release of new digital forensic software versions for our products: 

• Digital Evidence InvestigatorⓇ (DEI) version 1.3.0 
• Triage-InvestigatorⓇ version 4.3.0
• Triage-G2Ⓡ version 4.3.0

ADF Solutions, a leading provider of digital forensic and media exploitation tools, has released Triage-Investigator, the latest evolution of ADF's award-winning digital forensic triage tool designed for field deployment. Triage-Investigator has a proven track record of providing investigators with easy, quick access to court-defendable evidence to process criminal cases.

This 3 day course uses HTCI’s proven hands-on training methods to train the investigator on the forefront of cyber investigations. It provides the investigator a simple USB/DVD deployment method to scan computers.