Preview live data at the endpoint, then filter on any attributes and choose to retrieve only the data that matters to your investigation, saving time and cost.
Why You Want It
Today’s digital forensics teams face many challenges in a world filled with an overwhelming amount of data. From multiple office locations to massive employee pools and remote workers, AD Enterprise provides deep visibility into live data directly at the endpoint, helping you conduct faster, more targeted enterprise-wide post-breach, HR and compliance investigations in a single, robust solution. With AD Enterprise, you can respond quickly, remotely and covertly while maintaining chain of custody, and facilitate focused forensic investigations and post-breach analysis, without interruption to business operations.
PREVIEW LIVE DATA
Perform collections from endpoints in multiple locations by deploying our remote Enterprise Agent to a broad range of operating systems, including Windows, Mac, Linux and more. Monitor threats and remediate security breaches remotely at every endpoint quickly and effectively.
Discretion can be critical when conducting investigations, and AD Enterprise ensures that employees and teams aren’t tipped off as you cull through data. Feel confident in monitoring content, scanning your network for violations, investigating IP theft and tracking employee misconduct.
Network Investigation & Post-Breach Analysis
From multiple office locations to massive employee pools and remote workers, AD Enterprise provides deep visibility into your organization’s data, to uncover employee wrongdoing and facilitate regulatory and legal requirements quickly and covertly.
Features Built Around You
See Remote Mac Collection in Action
When you need remote and covert collection from Mac operating systems, AD Enterprise 7.3 is the only tool on the market with the ability to mass deploy a remote Mac agent, without any manual intervention by the endpoint user. New integration with Jamf® deployment provides greater visibility into activity on all endpoints, network shares and peripheral devices, even those running on macOS® Catalina or Mojave.
Capabilities to Empower You
- Collect and analyze data from remote Windows endpoints that are outside the corporate network with no VPN connectivity by using our Site Server Integration.
- Collect from data sources in the cloud, including from Network Shares, Microsoft® Exchange, Gmail™, OneDrive®, Google Drive™, SharePoint®, and Microsoft Teams.
- Support for whole disk decryption of FileVault 2 from the APFS file system.
- Collect, analyze and compare volatile data from endpoints on demand from the latest Windows® OS, including Windows 10, for a complete and accurate analysis.
- Collect data from Mac agents faster than before with the new ability to use NFS (network file system) technology.
- The 7.3 version of AD Enterprise features Jamf® integration to covertly deploy the AD Enterprise agent and permissions to endpoints automatically, allowing for mass deployment and expanded remote collection capabilities from macOS® devices.
- Additional 7.3 capabilities include the ability to decrypt a computer drive encrypted by the latest version of Check Point, and updated support for AFF4 and TX1-created LX01 and E01 images, which streamlines the user's workflow when collecting and importing data from multiple third-party tools.
- AD Enterprise enables investigators to collect, process and analyze datasets containing Apple file systems that are encrypted, compressed or deleted.
- Decryption support for computer drives encrypted by the latest version of Check Point encryption, McAfee Drive Encryption, WinMagic SecureDoc encryption, plus L01 export support.
- Preview live data at the endpoint, then filter on any attributes and choose to retrieve only the data that matters to your investigation.
- Extract essential information for your investigation from files on the endpoint with ready-made filters—or create your own filters—to speed analysis.
- Conduct live memory analysis to find traces of malware, gain insight into potential insider threats, and investigate unknown activity within temporary storage faster than ever before, all within a user-friendly single-agent infrastructure.
- Get endpoint insights into artifacts important to an investigation. Filter on virtually any attribute, such as Windows Defender Antivirus event log, McAfee Antivirus Log, Net Logon events, Remote Login events, Network shares, Windows Registry events, Windows Firewall Log, SSH – PuTTY, KiTTY, MobaXterm, Xshell, OpenSSH known_hosts file, and much, much more!
- AD Enterprise supports forensic examination on a broad range of operating systems including Windows®, Linux®, Mac®, UNIX®, Android™ and iOS®.
- Customizable processing profile buttons help create a set of standards for processing particular types of investigations.
- Perform multipass data review and change indexing options without reprocessing your data.
- Perform differential analysis on volatile data to see changes over time and facilitate identification of potential threats.
- Restore partially deleted data, fragmented files, hidden processes and volatile data from a wide array of file types and data sources.
- Investigate with ease, using wizard-driven processing and reporting with an intuitive and user-friendly interface.
- Parse, review and analyze mobile chat data from the most-used chat applications.
- Automate email notifications at more case milestones for more users.
- Automatically expand audit log and evidence tracking detail to improve chain of custody documentation.
- With forensically sound collection capabilities and the AccessData® single, secure back-end database reducing data movement and potential data spoliation, you can be confident evidence is collected and preserved in a legally defensible manner.
- A pause and resume feature ensures that, if a machine goes off network, jobs will continue where they left off once the machine is back online.