Digital Evidence Investigator® gives investigators the ability to customize Search Profiles and determine exactly what and where you want to look for digital evidence. This is especially convenient when looking to tailor a search for a forensic triage type scan or a targeted collection. This is accomplished by using the Targeted Folders Option when creating a custom file capture.
In a triage type scan, an investigator can customize the File Collection, Hash Searches, and Keyword searches to target the Users Profiles thereby minimizing the scan time and focusing on the area that is most likely to contain the data you are looking for. A wealth of information is always saved by default to each Users; Documents, Downloads, Music, Pictures, and user created directories. Combine that with the ability to filter, sort, and search the individual profiles, in a very short amount of time you can make a decision that will positively impact your investigation.
With a targeted collection you can specify the file type and specific location you want to have collected or collect "all files" from a specific or targeted location. This approach allows an investigator to be very granular in an approach to an investigation, especially with situations when the files to be collected are known. A Search Profile with a targeted collection capture and several artifact captures will allow you to complete your forensic scan and analysis quickly and have all the information needed to prepare a comprehensive, court-ready report.
A targeted collection can also be combined with collecting data from the entire files system, in which case the targeted folders would be searched first and then continues to the entire file system without repeating the search of the targeted area. The benefit here may be when a search time may be limited, but you want to have the ability to collect as much as possible. By setting the scan in this manner the scan can be stopped at any time knowing the targeted areas were searched first, giving you the best possible outcome.
Pro Tip: Remember that Search Profiles can be customized with speed and objective in mind, giving you the ability to conduct a wide range of forensic examinations, Triage to Comprehensive, tailored to your specific investigative needs.
