Deploy automated forensic tools to your frontline field agents to collect evidence on-scene with initial powerful forensic triage capabilities to determine which devices to collect, what to ask suspects, or to acquire victim or witness evidence.
- Advanced logical acquisition of iOS/Android data up to 4GB per minute
- Live Preview Mode - View phone content immediately without waiting for a backup or imaging to finish
- Screen Recording for Android and iOS Devices (up to Android 14 and iOS 17)
- Auto-scroll when taking screenshots of long pages on Android
- Support for Developer Mode on iOS 17 and Android 14
- Scan and acquisition support for iOS 17 and Android 14
- Image live macOS computers via our remote agent and create an AFF4 logical image
- Image live ARM CPU-based Window devices
- Capture and organize screenshots of connected mobile devices while navigating with automatic processing to extract and index text for search, annotation, and reporting
- Recover call records, messages, saved contacts, and calendar data
- Recover WiFi connections, installed applications and Android user accounts
- Recover pictures, videos, audio files, documents, and user-defined file types
- Recover database files and Property Lists for later review
- Recover browsers, browsing history, download history, search terms, form data, bookmarks, and more
- Capture Revolut mobile app data and organize it in a financial transactions table (iOS)
- Discover remote Mac OS agents automatically
- Search for specific information using keywords, regular expressions, hash values, and PhotoDNA
- Identify files or artifacts containing terms related to child exploitation
- iOS devices: Automatically encrypt backup to obtain more data
- Capture RAM and volatile memory
- Rapidly search suspect media using large hash sets (>100 million), including VICS 2.0 and CAID
- Find relevant files and artifacts using powerful keyword and regular expression search capability
- Collect password-protected and corrupted files for later review
- Collect iOS backups on target computers
- Recover deleted records from apps using the SQLite database
- Supports collection of artifacts from Windows and macOS (including T2 and M1 chips)
- Image drives out-of-the-box with image verification and imaging log file
- Recover images from unallocated drive space
- Recover and process deleted partitions
- Detect and warn of BitLocker and FileVault2-protected drives
- Search and collect emails: MS Outlook, Windows Mail, Windows Live Mail 10, Apple Mail
- Highly configurable artifact and file collection including web browser cached files, social media, P2P, Cryptocurrency, cloud storage, user login events, anti-forensic traces, saved credentials, files shared via Skype, USB history, user connection log, etc.
- Investigate attached devices, live powered-on computers, boot scans from powered-off computers, forensic images, contents of folders, and network shares (including NAS devices)
- Scan full mobile device acquisitions and detect keychain/keystore files (GrayKey, UFED)
- Create new log files for logical images
- Simplified data container to store Mac logical images
- Deploy user-created Captures to the Collection Key when not using Search Profiles
- Use password and recovery key to decrypt and scan or image BitLocker volumes including those using the new AES-XTS encryption algorithm introduced in Windows 10
- Process APFS partitions, NTFS, FAT, HFS+, EXT, ExFAT, and YAFFS2 file systems, compute MD5 and SHA1 on collected files for integrity validation
- Leverage the powerful boot capability (including UEFI secure boot and Macs) to access internal storage that cannot easily be removed from computers
- Direct access to the Capture screen with the ability to define the time range of data collection, define collection per app in a Search Profile, select Captures and apps before a live or boot scan, and exclude folders
- Leverage facial analysis age detection to quickly sort and identify infants, toddlers, children, and adults
- View results while a scan is running
- View thumbnail(s) of attached reference files (displays them in the HTML/PDF report as well)
- In gallery view, filter out images that aren’t rendered
- View chat conversations with bubbles to easily identify the senders and receivers with “Message Thread” hyperlink to select individual conversations
- Filter search results with sorting and search capabilities (dates, hash values, tags, text filters, more)
- Search scan results using keywords, with results categorized by record type
- View pictures and videos organized by visual classes such as people, faces, currency, weapons, vehicles, indecent pictures of children
- View links between files of interest and user’s activities such as recently access files, downloaded files, attachments, and more
- View highlighted encrypted files in the scan summary
- Redact previews when exporting a report
- Comprehensive video preview and frame extraction
- Automatically tag hash and keyword matches
- Define new file types and select individual ones to be processed
- Display provenance, including comprehensive metadata, of all relevant files and artifacts
- Reorder or disable post-scan tasks (classification of pictures, videos, or entity extraction) to run in the Viewer
- ADD-ON: Entity Extraction and Language Translation Gisting (230 languages) available
- Precisely select which files and artifacts to export
- Import hash values from a VICS/CAID database with the possibility to select categories,
- Import keyword list and prompt for default tags and comments if none are in the CSV file
- Import hash values from the CSV file and prompt for default tags and comments if none are in the CSV file
- Export errors when importing keywords or hash values
- Log issues when importing data
- Customize your report to show specific columns and redact pictures
- Present information in a table or list
- Include original files or previews only
- HTML and PDF reporting options
- Export to other forensics applications with VICS / Project VIC (JSON) or CSV formats
- Export to the Orchesight platform
- Share scan results with a portable standalone viewer
The Triage-Investigator PRO Kit Includes:
- One Licensed Triage-Investigator® PRO Software Authentication Key
- One Portable Travel Case
- One 500GB SSD Collection Drive
- One 4 Port USB Hub
- One USB-A to iOS 30-pin Cable
- One USB-A to iOS Lightning Cable
- One USB-A to MicroUSB Cable
- One USB-A to USB-C adapter
- One Adapter USB-C to Ethernet and 3 USB-A
- One Ethernet Cable
- One USB-A to USB-C Cable
- One USB-C to USB-C Cable
- Software Maintenance and Support
Request a Quote
Recommended Technical Specs:
- Windows 10 64-bit
- Intel i7 CPU
- 8GB Minimal, 16GB of RAM Recommended
- 500GB PCIe NVMe SSD hard drive
Request a Quote
ADF Solutions digital forensic experts designed the Triage-Investigator PRO Certified User Training as online learning to equip non-technical investigators with the knowledge and skills they need to use Triage-Investigator to perform forensic triage to collect and extract evidence from mobile devices, computers, and digital media.
Course Length
12 Hours: Learners typically take approximately 12 hours to successfully complete the exercises and the final certification exam.
Course Outline
- Introductions and getting started with Triage-Investigator
- Terminology
- Triage and field use cases
- Preserving digital evidence and the boot process
- Installation and preparing a collection key
- Introduction to the Triage-Investigator user interface
- Using a collection key to extract digital evidence
- Case Study 1: Screen, layouts, and controls
- Case Study 2: Live scans and analysis
- Case Study 3: Reporting
- Case Study 4: Desktop scans and fraud case analysis
- Importing Search Profiles
- Final Exam
PRO Module: Mobile Device Investigator
- Overview and terminology
- Connecting a mobile device
- Conducting a scan
- Taking Screenshots
- Search Profiles
- Creating backups
- Creating Mobile Search Profiles
- Analyzing Mobile Evidence
- PRO Module Final Exam
Cost
$1390 Online Self-Paced Class (Buy Online Now)
In-Person for Your Team (Request a Quote)