Portable Computer Forensics software to acquire data from both live and shut down computers

AD Triage is an easy-to-use forensically sound triage tool for the on-scene preview and acquisition of computers that are live or have been shut down. Built on FTK technology, AD Triage is ideal for users who are inexperienced with computer forensics software, but need to preserve evidence in the field. Now, forensic examiners and non-forensic personnel alike can acquire volatile and all or targeted hard drive data from a system in just minutes. It’s a great option for corporate and government teams who often need to acquire data from live or dead boxes for internal investigations, FOIA or even subpoenas. Law enforcement officers can preserve evidence securely without having to wait hours for a forensics expert to arrive on scene. Finally, attorneys, paralegals and litigation support personnel can easily preserve ESI for the purposes of e-discovery when handling smaller legal matters.

Using AD Triage you can preview the file system and target data by criteria, including keyword(s), hash, regular expression, file size, date and time, extensions, file path and illicit images. In addition, users can collect network and system information, as well as live memory. It allows you to acquire the full disk, a volume, or peripheral devices, saving data to a USB device, an external hard drive and export the data to a designated location on the same network. You can preconfigure your AD Triage device to automatically acquire only the data you’ve selected, allowing inexperienced users to safely and effectively use the tool. Or experienced forensic examiners can use AD Triage in manual mode for true triage at the scene.

PRODUCT DETAILS:

• Built on FTK technology
• Preview and acquire full disk, targeted data, or copy an external hard drive (AD1, E01, RAW, or SMART)
• Supports powered-down Macs with Intel® processors
• Built-in explicit image detection and scoring
• Advanced automated collection allows you to pre-configure Triage to automatically collect only pertinent data
• The “Triage Receiver” can be used to export data to a pre-configured location on the network. Simply export the data directly from the target system to a designated network share.
• Manual mode allows you to search the file system prior to collection
• Pre-configured options for reporting on collected data