ADF News

As a forensic investigator, there will come a time when you will come across the occasional computer that is difficult to get to the HDD and it may be encrypted by default, such as the Microsoft Surface Pro. In this short video, you'll learn how to easily conduct a boot scan of a Microsoft Surface Pro with Bitlocker activated.

Of all the investigations that a law enforcement agency may undertake, there may be none as difficult to deal with as crimes perpetrated against minors. The proliferation of online child exploitation material continues to be an issue worldwide, from child pornography to the facilitation of human trafficking. Luckily, investigators are not having to combat this problem alone thanks to industry solutions like those provided by ADF Solutions and the organizations below.  

Whether you are preparing to go on-scene or you are in your digital forensic lab getting ready to perform triage or one or more digital forensic scans, this video tutorial will show you how you can easily create a keyword capture and add keywords to a Search Profile.  We begin from when you have started to create a Custom Search Profile and want to add your own unique keywords.

ADF software lets investigators and examiners search for files by keyword(s) using substrings or regular expressions.  ADF software allows you to search for keywords in all file and folder names, file content and metadata, and artifact records from other captures.

Digital Evidence Investigator^® (DEI) and Triage-Investigator^® come with out-of-the-box default Search Profiles. In this short video tutorial, we use Digital Evidence Investigator to demonstrate "What is a Search Profile?".

In DEI the Search Profiles are maintained in the Setup Scans Menu option. The Search Profile, when run, will collect the information selected within the Search Profile. Search Profiles will run from the desktop application or from the collection key on a Live or Boot scan.

When you're faced with a mountain of digital evidence, how do you start sifting through it? For law enforcement, litigation support, and incident response agencies organizing and prioritizing digital media and electronically stored information (ESI) is crucial. Adopting an Early Case Assessment (ECA) methodology helps expedite and improve overall case efficiency and productivity; reducing backlogs and increasing turnaround times.

In the early 18th century, triage was used to refer to the action of sorting items according to quality and was taken from the French word trier which means to sort, separate out or cull. 

>> Continue reading or watch the Benefits of Triage webinar recording. 

In 2009, the number of backlogged digital evidence requests in publicly funded forensic crime labs was 1,600. By the end of 2014, that number had risen to 7,800. While that's tiny in comparison to the total number of backlogged evidence requests (over 570,000 in 2014!), every one of those requests is associated with a case that affects real people. This is why we love forensic triage, and why you should too.

During a criminal investigation, prioritizing the evidence is paramount to your success as an investigator. Filtering what is critical to the case and what isn't is the difference between success and failure of an investigation. 

Forensic triage - sometimes referred to as "digital forensic triage" - is the process by which you collect, assemble, analyze, and prioritize digital evidence from a crime or investigation.

It's difficult to do this in a timely manner when you don't have the proper tools. Depending on the type of investigation, it's a process that can involve sorting through mountains of digital data. 

One of the reasons that investigators choose ADF software as their primary triage tool is because it can be used standalone or in conjunction with traditional forensic software.  Triage is ideal for front-line investigators because it's fast, easy-to-use, and can net results in situations where time matters. Deployed in a forensic lab, triage software can reduce forensic backlogs and allow forensic examiners to prioritize deep dive forensic investigations.

The term triage naturally brings to mind a medical emergency where you need to get in quickly, assess the damage and deal with the most serious problems first. Digital forensic triage has the same application but it's applied to a crime scene or investigation which involves computers or other digital media. Standard forensic methods normally take place in a forensic lab where a trained forensic examiner would perform a complete examination. Digital triage is a front line step in saving time and reaching satisfactory results faster.

ADF triage performance is fast -- built to be under two minutes for certain scans. Digital forensic triage speed and performance can vary based on a number of factors including the triage software you are using, the search criteria you choose, the suspect hardware configuration, and how much you know about what you are looking to understand in your investigation.

The best tools for rapid digital forensic investigations just got better with ADF's release of new software versions to support the collection of artifacts from macOS Mojave, in addition to macOS High Sierra and Windows. 

ADF's New Forensic Software Empowers Investigators and Prosecutors

ADF Solutions, the leading provider of automated forensic software for investigators and lab examiners, announced today the release of new software versions 1.4 for Digital Evidence Investigator^Ⓡ, and versions 4.4 for Triage-Investigator^Ⓡ, and Triage-G2^Ⓡ software.  

"We are very excited to be the first digital forensic software to parse macOS Mojave log files natively under Windows strengthening our macOS support", stated Raphael Bousquet, CTO, and co-founder of ADF Solutions. "In our world of fast and efficient forensic analysis, we strive to reduce data noise for the investigator. The addition of picture and video classification is a great step in the right direction!"

A precise timeline view links user activities with pictures, videos, and files of interest so investigators can quickly build a digital forensic report to share with prosecutors or other investigators.  The new version leverages enhanced automation and enables investigators to run in-depth digital forensics scans quickly.  The highlights of this new release for the investigative and forensic community include:

While there are many tools and techniques available to examiners for recovering data from volatile memory, ADF Digital Evidence Investigator^®, Triage-Investigator^®, and Triage-G2^® are fast and easy. 

A simple 2-step process lets non-technical investigators and examiners quickly perform a RAM capture when running a live scan on the computer from a collection key: 

1. Click "Create RAM Dump" from the main menu
2. The RAM Dump will be saved to the collection key as a .bin file and then zipped

A criminal forensic lab located in one of the largest U.S. Federal agencies was working on an extensive child exploitation case and had seized 37 total hard drives that contained over 38 terabytes of data. The case was high profile and the forensic team had a short window of time to examine the contents of the confiscated drives. Technical resources were limited and imaging drives and conducting traditional forensic examinations would be very time consuming. With the amount of data that needed to be searched, the investigators realized that it could potentially be weeks before the examinations were complete and the case could move forward. In addition the case would require significant disk storage space to hold all of the images.

Digital forensic experts understand the importance of remembering to perform a RAM Capture on-scene so as to not leave valuable evidence behind.  Capturing volatile data in a computer's memory dump enables investigators and examiners to do a full memory analysis and access data including:

There are many cases where time is critical in a police investigation. This is increasingly true in a world where digital evidence can be an essential element in capturing a suspect or solving a crime. Digital data can implicate or clear suspects and utilizing digital evidence to your investigative advantage can allow you to act quickly while on-scene.

Starting digital investigations while at the scene has become increasingly important in fluid crime situations such as terrorism threats, active shooter situations, gang activity or sex trafficking. Field digital forensic investigations (a.k.a. field triage) can also be useful in CyberTip investigations or any crime where a digital device may have photos, video, audio, or other data that could be useful in identifying suspects, victims or protecting evidence.

Today, ADF is announcing the release of new digital forensic software versions for our products: 

• Digital Evidence InvestigatorⓇ (DEI) version 1.3.0 
• Triage-InvestigatorⓇ version 4.3.0
• Triage-G2Ⓡ version 4.3.0

ADF Solutions, a leading provider of digital forensic and media exploitation tools, has released Triage-Investigator, the latest evolution of ADF's award-winning digital forensic triage tool designed for field deployment. Triage-Investigator has a proven track record of providing investigators with easy, quick access to court-defendable evidence to process criminal cases.

This 3 day course uses HTCI’s proven hands-on training methods to train the investigator on the forefront of cyber investigations. It provides the investigator a simple USB/DVD deployment method to scan computers.