Icon Menu
Fulcrum Management
Icon Search
Fulcrum Management

Triage-Investigator

Triage Investigator has been designed for field triage requirements. It is primarily used by investigators with limited digital forensic training in running the tool (basic mode only). This basic user mode allows for ease-of-use and limits user risk. Triage-Investigator also offers separate authentication and collection keys which allows users to scan multiple computers simultaneously, which can be particularly useful for on-scene investigations. Triage-Investigator does not offer stealth mode during live scans, advanced search configurations, or the ability to switch to advanced mode.

Rapid Evidence collections, analysis & reporting

Triage-Investigator is ADF's award-winning intelligent forensic triage tool designed for field deployment with Digital Evidence Investigator. The software has a proven track record of providing easy and quick access to court defendable evidence to process cases and leveraging investigators to assist forensic labs with rapid collection, analysis, reporting, and managing digital backlogs.

Triage-Investigator® is easy-to-use, easily configurable, supports a wide array of computer hardware, has powerful boot capabilities, is forensically sound, and comes with technical support and regular upgrades.   

  • Automated / easy-to-learn and deploy  with rapid artifact & file collection using out-of-the-box forensic scans

  • Deploy with to import custom Search Profiles

  • Standalone Report Viewer (share with prosecutors!)

Digital Forensic Platform

Triage-Investigator is designed to work with Digital Evidence Investigator® (DEI) and provide a digital forensic platform where forensic labs can leverage investigators to collect and process data and analyse computers and digital devices in the field. The ADF digital forensic platform enables an organisation to control search criteria used in the field.  DEI with Triage-Investigator enables organisations to roll out digital forensic software to the field quickly with minimal training and confidence that forensic integrity will be maintained during collection, analysis and reporting. 

Triage-Investigator® Key Features

Triage-Investigator can also be licensed to a computer instead of a physical Authentication Key (dongle) as an option. 

COLLECT

Empower front line field investigators with pre-set scans for automated on-scene collection and analysis and maintain control with the combined power of Digital Evidence Investigator and Triage-Investigator.

  • Easy-to-use and deploy with minimal training

  • Highly configurable artifact and file collection including web browser cached files, social media, P2P, Cryptocurrency, cloud storage, user login events, anti-forensic traces, saved credentials, files shared via Skype, USB history, user connection log, etc.

  • Recover deleted records from apps using the SQLite database

  • Supports collection of forensic artifacts from Windows and macOS 

  • Search and collect emails including MS Outlook, Windows Mail, Windows Live Mail 10, Apple Mail

  • Investigate attached devices, live powered on computers, boot scans from powered off computers, forensic images, the contents of folders and network shares (including shares made available by NAS devices)

  • Enter keywords just before a live/boot scan

  • Rapidly search suspect media using large hash sets (>100 million), including Project VIC (VICS 2.0) and CAID

  • Find relevant files and artifacts with powerful keyword and regular expression search capability

  • Image drives Out-of-the-box with image verification and imaging log file

  • Use password and recovery key to decrypt and scan or image BitLocker volumes including those using the AES-XTS encryption algorithm introduced in Windows 10

  • Process APFS partitions, NTFS, FAT, HFS+, EXT, ExFAT, and YAFFS2 file systems, compute MD5 and SHA1 on collected files for integrity validation

  • Capture RAM / acquire volatile memory

  • Collect password protected and corrupted files for later review

  • Collect iOS backups on target computers

  • Detect and warn of BitLocker and FileVault2 protected drives

  • Leverage powerful boot capability (including UEFI secure boot and Macs) to access internal storage that cannot easily be removed from computers

ANALYZE

Use the single timeline view that combines files and artifact records with a user’s actions.

  • View results while a scan is running 

  • View chat conversations with bubbles to easily identify the senders and receivers with “Message Thread” hyperlink to select individual conversations - New

  • Filter search results with sorting and search capabilities (dates, hash values, tags, text filters, more)

  • View pictures and videos organised by visual classes such as people, faces, currency, weapons, vehicles, indecent pictures of children

  • View links between files of interest and user’s activities such as recently access files, downloaded files, attachments, and more

  • Inspect video using DEI’s comprehensive video preview and frame extraction

  • Automatically tag hash and keyword matches

  • Define new file types and select individual ones to be processed

  • Display provenance, including comprehensive metadata, of all relevant files and artifacts

  • Reorder or disable post-scan tasks (classification of pictures, videos, or entity extraction) to run in the Viewer - New

  • ADD-ON: Rosoka Entity Extraction and Language Translation Gisting (230 languages) available

     

Report

Triage-InvestigatorⓇ lets investigators create a standalone portable viewer for further analysis and reporting for prosecutors and other investigators.

  • Powerful reporting capabilities (HTML, PDF, CSV)

  • Export in VICS format (to or other JSON compatible tool) 

View more ADF Solutions products →

View more Triage products →

Training

Enquire about this product