Deploy automated forensic tools to your frontline field agents so they can collect evidence on-scene, using powerful initial forensic triage capabilities to determine which devices to collect and what to ask suspects, or to acquire victim or witness evidence.
- Advanced logical acquisition of iOS/Android data up to 4GB per minute
- Live Preview Mode - View phone content immediately without waiting for a backup or imaging to finish
- Screen Recording for Android and iOS Devices (up to Android 14 and iOS 16)
- Screenshots: auto-scroll when taking screenshots of long pages on Android
- Screenshot: support for the Developer Mode on iOS 16 and Android 14
- Scan and acquisition support for iOS 16 and Android 14
- Scan & Image: discover remote macOS agents automatically
- Image live macOS computers via our remote agent and create an AFF4 logical image
- Capture and organize screenshots of connected mobile devices while navigating with automatic processing to extract and index text for search, annotation and reporting
- Recover call records, messages, saved contacts and calendar data
- Recover WiFi connections, installed applications and Android user accounts
- Recover pictures, videos, audio files, documents and user-defined file types
- Recover database files and Property Lists for later review
- Recover browsers, browsing history, download history, search terms, form data, bookmarks, and more
- Capture Revolut mobile app data and organize it in a financial transactions table (iOS)
- Search for specific information using keywords, regular expressions, hash values and PhotoDNA
- Identify files or artifacts containing terms related to child exploitation
- iOS devices: Automatically encrypt backup to obtain more data
- Capture RAM and volatile memory
- Rapidly search suspect media using large hash sets (>100 million), including VICS 2.0 and CAID
- Find relevant files and artifacts using powerful keyword and regular expression search capability
- Collect password protected and corrupted files for later review
- Collect iOS backups on target computers
- Recover deleted records from apps using the SQLite database
- Supports collection of artifacts from Windows and macOS (including T2 and M1 chips)
- Image drives out-of-the-box with image verification and imaging log file
- Recover images from unallocated drive space
- Recover and process deleted partitions
- Detect and warn of BitLocker and FileVault2 protected drives
- Search and collect emails: MS Outlook, Windows Mail, Windows Live Mail 10, Apple Mail
- Highly configurable artifact and file collection including web browser cached files, social media, P2P, Cryptocurrency, cloud storage, user login events, anti-forensic traces, saved credentials, files shared via Skype, USB history, user connection log, etc.
- Investigate attached devices, live powered on computers, boot scans from powered off computers, forensic images, contents of folders and network shares (including NAS devices)
- Use password and recovery key to decrypt and scan or image BitLocker volumes including those using the new AES-XTS encryption algorithm introduced in Windows 10
- Process APFS partitions, NTFS, FAT, HFS+, EXT, exFAT, and YAFFS2 file systems; compute MD5 and SHA1 on collected files for integrity validation
- Leverage the powerful boot capability (including UEFI secure boot and Macs) to access internal storage that cannot easily be removed from computers
- Scan full mobile device acquisitions and detect keychain/keystore files (GrayKey, UFED)
- Scan Setup: define time range of data collection, define collection per app in a Search Profile, select Captures and apps before a live or boot scan and exclude folders from the scan
- Scan Setup: deploy user-created Captures to the Collection Key when not using Search Profiles
- Scan Setup: direct access to the new Capture screen
- Image: create new log files for logical images
- Image: use new and simplified data container to store Mac logical images (no more experimental AFF4-L)
Use the single timeline view that combines files and artifact records with a user’s actions.
- View results while a scan is running, and filter search results with sorting and search capabilities (dates, hash values, tags, text filters)
- View chat conversations with bubbles to easily identify senders / receivers with message threads
- View pictures and videos organized by visual classes such as people, faces, currency, weapons, vehicles, indecent pictures of children
- View links between files of interest and user’s activities such as recently accessed files, downloaded files, attachments, and more
- View highlighted encrypted files in the scan summary
- Viewer: the ability to redact previews when exporting a report
- Viewer: undock Frames panel tab
- Inspect video using ADF's comprehensive video preview and frame extraction
- Automatically tag hash and keyword matches
- Leverage Facial Analysis and Age Detection to sort and identify images of infants, toddlers, children, adults
- Define new file types and select individual ones to be processed
- Display provenance, including comprehensive metadata, of all relevant files and artifacts
- Reorder or disable post-scan tasks (classification of pictures, videos, or entity extraction)
Create a standalone portable viewer for further analysis and reporting for prosecutors and other investigators.
- Precisely select which files and artifacts to export
- Customize your report to show specific columns and redact pictures
- Present information in a table or list
- Include original files or previews only
- HTML and PDF reporting options
- Export to other forensics applications with VICS / Project VIC (JSON) or CSV formats
- Share scan results with a portable standalone viewer
The Triage-Investigator PRO Kit Includes:
- One Portable Travel Case
- One Licensed Triage Investigator® PRO Software Authentication Key
- One 500GB SSD Collection Drive
- USB cables for iOS
- USB cables for Android
- One 4 Port USB Hub
- Software Maintenance and Support
Recommended Technical Specs:
- Windows 10 64-bit
- Intel i7 CPU
- 8GB of RAM minimum, 16GB recommended
- 500GB PCIe NVMe SSD hard drive
ADF Solutions digital forensic experts designed the Triage-Investigator PRO Certified User Training as online learning to equip non-technical investigators with the knowledge and skills they need to use Triage-Investigator to perform forensic triage to collect and extract evidence from mobile devices, computers, and digital media.
Course Length
12 Hours: Learners typically take approximately 12 hours to successfully complete the exercises and the final certification exam.
Course Outline
- Introductions and getting started with Triage-Investigator
- Terminology
- Triage and field use cases
- Preserving digital evidence and the boot process
- Installation and preparing a collection key
- Introduction to the Triage-Investigator user interface
- Using a collection key to extract digital evidence
- Case Study 1: Screen, layouts, and controls
- Case Study 2: Live scans and analysis
- Case Study 3: Reporting
- Case Study 4: Desktop scans and fraud case analysis
- Importing Search Profiles
- Final Exam
PRO Module: Mobile Device Investigator
- Overview and terminology
- Connecting a mobile device
- Conducting a scan
- Taking Screenshots
- Search Profiles
- Creating backups
- Creating Mobile Search Profiles
- Analyzing Mobile Evidence
- PRO Module Final Exam
Cost
$1390 Online Self-Paced Class (Buy Online Now)
In-Person for Your Team (Request a Quote)