Preview live data at the endpoint, then filter on any attributes and choose to retrieve only the data that matters to your investigation, saving time and cost.
Why You Want It
Today’s digital forensics teams face many challenges in a world filled with an overwhelming amount of data. From multiple office locations, to massive employee pools and remote workers, AD Enterprise provides deep visibility into live data directly at the endpoint, helping you conduct faster, more targeted enterprise-wide post-breach, HR and compliance investigations in a single, robust solution. With AD Enterprise, you can respond quickly, remotely and covertly while maintaining chain of custody, and facilitate focused forensic investigations and post-breach analysis, without interruption to business operations.
PREVIEW LIVE DATA
Maximize resources using built-in tasking collaboration tools that help investigative teams work together across all departments to share notes and tasks and to escalate incidents that need deeper investigation. Monitor threats and remediate security breaches on-site or remotely at every endpoint quickly and effectively.
Discretion can be critical when conducting investigations, and AD Enterprise ensures that employees and teams aren’t tipped off as you cull through data. Feel confident in monitoring content, scanning your network for violations, investigating IP theft and tracking employee misconduct.
Network Investigation & Post-Breach Analysis
From multiple office locations to massive employee pools and remote workers, AD Enterprise provides deep visibility into your organization’s data, to uncover employee wrongdoing and facilitate regulatory and legal requirements quickly and covertly.
Features Built Around You
Capabilities to Empower You
- The 7.2 version of AD Enterprise enables investigators to collect, process and analyze datasets containing Apple file systems that are encrypted, compressed or deleted.
- Additional 7.2 capabilities include the ability to decrypt a computer drive encrypted by the latest version of McAfee Drive Encryption, and new L01 export support, which eases the workflow when data must be used within multiple tools. To upgrade, contact us for more information.
- Preview live data at the endpoint, then filter on any attributes and choose to retrieve only the data that matters to your investigation.
- Extract essential information for your investigation from files on the endpoint with ready-made filters—or create your own filters—to speed analysis.
- Conduct live memory analysis to find traces of malware, gain insight into potential insider threats, and investigate unknown activity within temporary storage faster than ever before, all within a user-friendly single-agent infrastructure.
- Get endpoint insights into artifacts important to an investigation. Filter on virtually any attribute, such as Windows Defender Antivirus event log, McAfee Antivirus Log, Net Logon events, Remote Login events, Network shares, Windows Registry events, Windows Firewall Log, SSH – PuTTY, KiTTY, MobaXterm, Xshell, OpenSSH known_hosts file, and much, much more!
- AD Enterprise supports forensic examination on a broad range of operating systems including Windows®, Linux®, Mac®, UNIX®, Android™ and iOS®.
- Customizable processing profile buttons help create a set of standards for processing particular types of investigations.
- Perform multipass data review and change indexing options without reprocessing your data.
- Perform differential analysis on volatile data to see changes over time and facilitate identification of potential threats.
- Restore partially deleted data, fragmented files, hidden processes and volatile data from a wide array of file types and data sources.
- Investigate with ease, using wizard-driven processing and reporting with an intuitive and user-friendly interface.
- Parse, review and analyze mobile chat data from the most-used chat applications.
- Automate email notifications at more case milestones for more users.
- Automatically expand audit log and evidence tracking detail to improve chain of custody documentation.
- With forensically sound collection capabilities and the AccessData® single, secure back-end database reducing data movement and potential data spoliation, you can be confident evidence is collected and preserved in a legally defensible manner.
- Support for investigations on WinMagic SecureDoc encrypted drives.
- A pause and resume feature ensures that, if a machine goes off network, jobs will continue where they left off once the machine is back online.
What Clients Are Saying
approach to improving how you collect, analyze and use data.