Triage-Investigator PRO

The #1 Field Forensic Tool for Frontline Agents

Triage-Investigator® PRO is intelligent forensic triage for iOS/Android and computer investigations. Deploy to the front-line investigator to collect, analyze and report on digital evidence to prove your case. Investigate iOS, Android, Mac, Linux and Windows.  TINV PRO has powerful boot capabilities, is forensically sound, and comes with technical support and regular upgrades.  

Request a Free Trial
Triage-Investigator Pro - Field Forensic Tool for Digital Evidence

Intro to Triage-Investigator

Triage-Investigator PRO empowers forensic lab examiners to leverage field investigators to collect and process data and analyze phones, computers, and digital devices in the field. Examiners can roll out digital forensic capabilities to the field quickly with minimal training and with confidence that forensic integrity will be maintained during collection, analysis, and reporting. 

No video selected

Select a video type in the sidebar.
Triage-Investigator® Forensic PRO Forensic Kit

Triage-Investigator PRO

The Ultimate Field Forensics Tool

Triage-Investigator® PRO is the all-in-one digital forensic, triage and media exploitation software built for speed, scalability, and ease-of-use by front-line investigators who need results. ADF software quickly processes and analyzes smartphones (iOS and Android), computers, external drives, drive images, and other media storage (USB flash drives, memory cards, etc.).  

With TINV PRO, you get all the capabilities of Triage-Investigator® and Mobile Device Investigator® in a single license. Empower your front-line investigators to collect, analyze and report on digital evidence from

Buy now

Deploy automated forensic tools to your frontline field agents to collect evidence on-scene with initial powerful forensic triage capabilities to determine which devices to collect, what to ask suspects, or to acquire victim or witness evidence. 

  • Advanced logical acquisition of iOS/Android data up to 4GB per minute
  • Live Preview Mode - View phone content immediately without waiting for a backup or imaging to finish
  • Screen Recording for Android and iOS Devices (up to Android 14 and iOS 16)
  • Screenshots: auto-scroll when taking screenshots of long pages on Android
  • Screenshot: support for the Developer Mode on iOS 16 and Android 14
  • Scan and acquisition support for iOS 16 and Android 14
  • Scan & Image: discover remote Mac OS agents automatically
  • Image live macOS computers via our remote agent and create an AFF4 logical image
  • Capture and organize screenshots of connected mobile devices while navigating with automatic processing to extract and index text for search, annotation and reporting
  • Recover call records, messages, saved contacts and calendar data
  • Recover WiFi connections, installed applications and Android user accounts
  • Recover pictures, videos, audio files, documents and user-defined file types
  • Recover database files and Property Lists for later review
  • Recover browsers, browsing history, download history, search terms, form data, bookmarks, more
  • Capture Revolut mobile app data and organize it in a financial transactions table (iOS)
  • Search for specific information using keywords, regular expressions, hash values and PhotoDNA
  • Identify files or artifacts containing terms related to child exploitation
  • iOS devices: Automatically encrypt backup to obtain more data
  • Capture RAM and volatile memory
  • Rapidly search suspect media using large hash sets (>100 million), including VICS 2.0 and CAID
  • Find relevant files and artifacts using powerful keyword and regular expression search capability
  • Collect password protected and corrupted files for later review
  • Collect iOS backups on target computers
  • Recover deleted records from apps using the SQLite database
  • Supports collection of artifacts from Windows and macOS (including T2 and M1 chips)
  • Image drives out-of-the-box with image verification and imaging log file
  • Recover images from unallocated drive space
  • Recover and process deleted partitions
  • Detect and warn of BitLocker and FileVault2 protected drives
  • Search and collect emails: MS Outlook, Windows Mail, Windows Live Mail 10, Apple Mail
  • Highly configurable artifact and file collection including web browser cached files, social media, P2P, Cryptocurrency, cloud storage, user login events, anti-forensic traces, saved credentials, files shared via Skype, USB history, user connection log, etc.
  • Investigate attached devices, live powered on computers, boot scans from powered off computers, forensic images, contents of folders and network shares (including NAS devices)
  • Use password and recovery key to decrypt and scan or image BitLocker volumes including those using the new AES-XTS encryption algorithm introduced in Windows 10
  • Process APFS partitions, NTFS, FAT, HFS+, EXT, ExFAT, and YAFFS2 file systems, compute MD5 and SHA1 on collected files for integrity validation
  • Leverage the powerful boot capability (including UEFI secure boot and Macs) to access internal storage that cannot easily be removed from computers
  • Scan full mobile device acquisitions and detect keychain/keystore files (GrayKey, UFED)
  • Scan Setup: define time range of data collection, define collection per app in a Search Profile, select Captures and apps before a live or boot scan and exclude folders from the scan
  • Scan Setup: deploy user-created Captures to the Collection Key when not using Search Profiles
  • Scan Setup: direct access to the new Capture screen
  • Image: create new log files for logical images
  • Image: use new and simplified data container to store Mac logical images (no more experimental AFF4-L)

Use the single timeline view that combines files and artifact records with a user’s actions.

  • View results while a scan is running, and filter search results with sorting and search capabilities (dates, hash values, tags, text filters
  • View chat conversations with bubbles to easily identify senders / receivers with message threads
  • View pictures and videos organized by visual classes such as people, faces, currency, weapons, vehicles, indecent pictures of children
  • View links between files of interest and user’s activities such as recently access files, downloaded files, attachments, and more
  • View highlighted encrypted files in the scan summary
  • Viewer: the ability to redact previews when exporting a report
  • Viewer: undock Frames panel tab
  • Inspect video using ADF's comprehensive video preview and frame extraction
  • Automatically tag hash and keyword matches
  • Leverage Facial Analysis and Age Detection to sort and identify images of infants, toddlers, children, adults
  • Define new file types and select individual ones to be processed
  • Display provenance, including comprehensive metadata, of all relevant files and artifacts
  • Reorder or disable post-scan tasks (classification of pictures, videos, or entity extraction)

Create a standalone portable viewer for further analysis and reporting for prosecutors and other investigators.

  • Precisely select which files and artifacts to export
  • Customize your report to show specific columns and redact pictures
  • Present information in a table or list
  • Include original files or previews only
  • HTML and PDF reporting options
  • Export to other forensics applications with VICS / Project VIC (JSON) or CSV formats
  • Share scan results with a portable standalone viewer

The Triage-Investigator PRO Kit Includes:

  • One Portable Travel Case
  • One Licensed Triage Investigator® PRO Software Authentication Key
  •  One 500GB SSD Collection Drive
  •  USB cables for iOS
  •  USB cables for Android
  •  One 4 Port USB Hub
  •  Software Maintenance and Support

Request a Quote

 

Recommended Technical Specs:

  • Windows 10 64-bit
  • Intel i7 CPU
  • 8GB Minimal, 16GB of RAM Recommended
  • 500GB PCIe NVMe SSD hard drive

Request a Quote

ADF Solutions digital forensic experts designed the Triage-Investigator PRO Certified User Training as online learning to equip non-technical investigators with the knowledge and skills they need to use Triage-Investigator to perform forensic triage to collect and extract evidence from mobile devices, computers, and digital media. 

Course Length

12 Hours: Learners typically take approximately 12 hours to successfully complete the exercises and the final certification exam.

Course Outline

  • Introductions and getting started with Triage-Investigator
  • Terminology
  • Triage and field use cases
  • Preserving digital evidence and the boot process
  • Installation and preparing a collection key
  • Introduction to the Triage-Investigator user interface
  • Using a collection key to extract digital evidence
  • Case Study 1: Screen, layouts, and controls
  • Case Study 2: Live scans and analysis
  • Case Study 3: Reporting
  • Case Study 4: Desktop scans and fraud case analysis
  • Importing Search Profiles 
  • Final Exam 

PRO Module: Mobile Device Investigator

  • Overview and terminology
  • Connecting a mobile device
  • Conducting a scan
    • Taking Screenshots
    • Search Profiles
    • Creating backups
  • Creating Mobile Search Profiles
  • Analyzing Mobile Evidence  
  • PRO Module Final Exam

Cost

$1390 Online Self-Paced Class (Buy Online Now)

In-Person for Your Team (Request a Quote)
"The quickness and user interface, as well as the ability to shape the triage and target certain types of investigations, have impressed everyone."

Computer Forensic Analyst

U.S. Federal Agency