AD Enterprise
AD Enterprise enables access to multiple office locations and remote workers across the network, providing deep visibility into data when investigating employee wrongdoing or to facilitate regulatory and legal requirements. AD Enterprise allows corporations or government agencies to enforce policies, help protect their data and intellectual property, and reduce costs by conducting key tasks at the endpoint, revealing significant evidence and risks without having to pull back data from the entire network. It opens up the investigative architecture, and delivers a unified permissions platform.
Why You Want It
Today’s digital forensics teams face many challenges in a world filled with an overwhelming amount of data. From multiple office locations, to massive employee pools and remote workers, AD Enterprise provides deep visibility into live data directly at the endpoint, helping you conduct faster, more targeted enterprise-wide post-breach, HR and compliance investigations in a single, robust solution. With AD Enterprise, you can respond quickly, remotely and covertly while maintaining chain of custody, and facilitate focused forensic investigations and post-breach analysis, without interruption to business operations.
Network Investigation & Post-Breach Analysis
From multiple office locations to massive employee pools and remote workers, AD Enterprise provides deep visibility into your organization’s data, to uncover employee wrongdoing and facilitate regulatory and legal requirements quickly and covertly.
Capabilities to Empower You
The 7.3 version of AD Enterprise features Jamf® integration to covertly deploy the AD Enterprise agent and permissions to endpoints automatically, allowing for mass deployment and expanded remote collection capabilities from MacOS® devices.
Additional 7.3 capabilities include the ability to decrypt a computer drive encrypted by the latest version of Check Point, and updated support for AFF4 and TX1-created LX01 and E01 images, which streamlines the user's workflow when collecting and importing data from multiple third-party tools.
AD Enterprise enables investigators to collect, process and analyze datasets containing Apple file systems that are encrypted, compressed or deleted.
Decryption support for computer drives encrypted by the latest version of Check Point encryption, McAfee Drive Encryption, WinMagic SecureDoc encryption, plus L01 export support
Preview live data at the endpoint, then filter on any attributes and choose to retrieve only the data that matters to your investigation.
Extract essential information for your investigation from files on the endpoint with ready-made filters—or create your own filters—to speed analysis.
Conduct live memory analysis to find traces of malware, gain insight into potential insider threats, and investigate unknown activity within temporary storage faster than ever before, all within a user-friendly single-agent infrastructure.
Get endpoint insights into artifacts important to an investigation. Filter on virtually any attribute, such as Windows Defender Antivirus event log, McAfee Antivirus Log, Net Logon events, Remote Login events, Network shares, Windows Registry events, Windows Firewall Log, SSH – PuTTY, KiTTY, MobaXterm, Xshell, OpenSSH known_hosts file, and much, much more!
AD Enterprise supports forensic examination on a broad range of operating systems including Windows®, Linux®, Mac®, UNIX®, Android™ and iOS®.
Customizable processing profile buttons help create a set of standards for processing particular types of investigations.
Perform multipass data review and change indexing options without reprocessing your data.
Perform differential analysis on volatile data to see changes over time and facilitate identification of potential threats.
Restore partially deleted data, fragmented files, hidden processes and volatile data from a wide array of file types and data sources.
Investigate with ease, using wizard-driven processing and reporting with intuitive and user-friendly interface.
Parse, review and analyze mobile chat data from the most-used chat applications.
Automate email notifications at more case milestones for more users.
Automatically expand audit log and evidence tracking detail to improve chain of custody documentation.
With forensically sound collection capabilities and the AccessData® single, secure back-end database reducing data movement and potential data spoliation, you can be confident evidence is collected and preserved in a legally defensible manner.
Pause and resume feature ensuring that, if a machine goes off network, jobs will continue where they left off once the machine is back online.