AD Triage On-Site Computer Forensics Software

PORTABLE COMPUTER FORENSICS SOFTWARE TO ACQUIRE DATA FROM BOTH LIVE AND SHUT DOWN COMPUTERS

AD TRIAGE

AD Triage is an easy-to-use, forensically sound triage tool for the on-scene preview and acquisition of computers that are live or have been shut down. Built on FTK technology, AD Triage is ideal for users who are inexperienced with computer forensics software but need to preserve evidence in the field. Now, forensic examiners and non-forensic personnel alike can acquire volatile data and all or targeted hard drive data from a system in just minutes. It’s a great option for corporate and government teams who often need to acquire data from live or dead boxes for internal investigations, FOIA or even subpoenas. Law enforcement officers can preserve evidence securely without having to wait hours for a forensics expert to arrive on scene. Finally, attorneys, paralegals and litigation support personnel can easily preserve ESI for the purposes of e-discovery when handling smaller legal matters.

Using AD Triage, you can preview the file system and target data by criteria, including keyword(s), hash, regular expression, file size, date and time, extensions, file path and illicit images. In addition, users can collect network and system information, as well as live memory. It allows you to acquire the full disk, a volume, or peripheral devices, and to save the data to a USB device or an external hard drive, or export it to a designated location on the same network. You can preconfigure your AD Triage device to automatically acquire only the data you’ve selected, allowing inexperienced users to safely and effectively use the tool. Alternatively, experienced forensic examiners can use AD Triage in manual mode for true triage at the scene.

Product Details

  • Built on FTK technology.
  • Preview and acquire full disk, targeted data, or copy an external hard drive (AD1, E01, RAW, or SMART).
  • Acquire data from a live system with an active USB port.
  • Built-in explicit image detection and scoring.
  • Advanced automated collection allows you to pre-configure Triage to automatically collect only pertinent data.
  • AD Triage maintains FIPS 140-2 compliance with support for encrypted USB devices, such as Kanguru® and IronKey® devices.
  • Manual mode allows you to search the file system prior to collection.
  • Pre-configured options for reporting on collected data.

CUSTOMIZE AND SAVE YOUR FORENSIC COLLECTION PROFILES…

Browser

  • Chrome Browser History
  • Default Browsers
  • Firefox Browser History
  • Internet Explorer History
  • Internet Explorer Registry Keys
  • Typed URLs

Files

  • Desktop Files
  • MS Office Recently Opened
  • Recent Files
  • Recently Accessed Media Player Files
  • Temporary Executables

Network

  • ARP Table
  • DNS Cache
  • Domain Systems
  • Local Shares
  • Network Adaptors
  • Network Connections
  • Remote Shares
  • Routing Tables
  • IP Addresses

Software

  • Acrobat History
  • Application Usage History
  • Installed Software
  • Manually Launched Applications
  • Microsoft Management Console
  • Program Files Software
  • Start-up Programs

System

  • Clipboard Data
  • Device Drivers
  • Memory Dump
  • Processes
  • Scheduled Tasks
  • Screenshot
  • Services
  • User Accounts
  • User Groups
  • Acquire Registry
  • System Information
  • Typed Paths
  • USB Devices

Users

  • Owner Information
  • SAM Users
 
© 2012 AccessData Group, LLC. All Rights Reserved.