Digital Evidence Investigator® PRO

Digital Evidence Investigator PRO

The All-in-One Tool to Investigate Mobile and Computer Devices

 

Digital Evidence Investigator® PRO (DEI PRO) software is the #1 automated digital forensic tool for mobile and computer investigations on scene and in the lab. DEI PRO collects digital evidence in cybercrime and presents it in a timeline view to tie the user to files and artifacts creating a digital evidence collection to help you solve your investigation and reduce forensic backlogs.

 

Rapidly assess Mac, Windows, Linux, ChromeOS, iOS, and Android devices, and external drives for prohibited materials like CSAM, usernames, and contacts in both field and laboratory settings. Empower investigators and examiners with automated insights, ensuring they can confidently utilize Digital Evidence Investigator® PRO

 

Key Highlights

  1. Achieve lightning-fast mobile scans in less than a minute.
  2. Employ keywords for precise evidence filtering relevant to your case.
  3. Identify the existence of secure folders and multiple user accounts.
  4. Scan multiple devices for evidence
  5. Employ hash matching to pinpoint files from established hash sets such as VICS or CAID
  6. Use built-in and custom search profiles for swift evidence discovery

 

The Ultimate All-in-One Forensics Tool

 

Digital Evidence Investigator® PRO is the all-in-one digital evidence forensics, triage, and media exploitation software built for speed, scalability, and ease of use for front-line investigators who need results.  ADF software quickly processes and analyzes smartphones (iOS, Android, and ChromeOS), computers, external drives, drive images, and other media storage (USB flash drives, memory cards, etc.).

 

With DEI PRO, you get all the capabilities of ADF Digital Evidence Investigator and Mobile Device Investigator in a single license.

 

Collect

 

  • Advanced logical acquisition of iOS/Android/ChromeOS data up to 4GB per minute
  • Scan and Image ChromeOS Devices
  • Live Preview Mode – View phone content immediately without waiting for a backup or imaging to finish
  • Auto-scroll when taking screenshots of long pages on Android
  • Screen Recording for Android, iOS, and ChromeOS Devices (up to Android 14 and iOS 17) with Preserved Audio
  • Support for the Developer Mode on iOS 17 and Android 14
  • Scan and acquisition support for iOS 17 and Android 14
  • Image live macOS computers via our remote agent and create an AFF4 logical image
  • Image live ARM CPU-based Window devices
  • Capture and organize screenshots of connected mobile devices while navigating with automatic processing to extract and index text for search, annotation, and reporting
  • Recover call records, messages, saved contacts, and calendar data
  • Recover WiFi connections, usernames, installed applications and Android user accounts
  • Recover pictures, videos, audio files, documents, and user-defined file types
  • Recover database files and Property Lists for later review
  • Recover browsers, browsing history, download history, search terms, form data, bookmarks, and more
  • Capture Revolut mobile app data and organize it in a financial transactions table (iOS)
  • Search for specific information using keywords, regular expressions, hash values, and PhotoDNA
  • Identify files or artifacts containing terms related to child exploitation
  • Automatically encrypt backup to obtain more data on iOS devices
  • Capture RAM and volatile memory
  • Rapidly search suspect media using large hash sets (>100 million), including VICS 2.0 and CAID
  • Find relevant files and artifacts using powerful keyword and regular expression search capability
  • Collect password-protected and corrupted files for later review
  • Collect iOS backups on target computers
  • Recover deleted records from apps using the SQLite database
  • Supports collection of artifacts from Windows and macOS (including T2 and M1 chips)
  • Image drives out-of-the-box with image verification and imaging log file
  • Recover images from unallocated drive space
  • Recover and process deleted partitions
  • Detect and warn of BitLocker and FileVault2-protected drives
  • Search and collect emails: MS Outlook, Windows Mail, Windows Live Mail 10, Apple Mail
  • Highly configurable artifact and file collection including web browser cached files, social media, P2P, Cryptocurrency, cloud storage, user login events, anti-forensic traces, saved credentials, files shared via Skype, USB history, user connection log, etc.
  • Investigate attached devices, live powered-on computers, boot scans from powered-off computers, forensic images, contents of folders, and network shares (including NAS devices)
  • Prepare a Collection Key without Search Profiles to select Captures just before a scan
  • Prepare a Collection Key: Protect the Collection Key with BitLocker (instead of the Search Profile option)
  •  Ability to borrow license tokens for collection keys
  • Deploy user-created Captures to the Collection Key when not using Search Profiles
  • Create new log files for logical images
  • Process logical images from the data container
  • Simplified data container to store Mac logical images
  • Scan full mobile device acquisitions and detect keychain/keystore files (GrayKey, UFED)
  • Use password and recovery key to decrypt and scan or image BitLocker volumes including those using the new AES-XTS encryption algorithm introduced in Windows 10
  • Process APFS partitions, NTFS, FAT, HFS+, EXT, ExFAT, and YAFFS2 file systems, compute MD5 and SHA1 on collected files for integrity validation
  • Leverage the powerful boot capability (including UEFI secure boot and Macs) to access internal storage that cannot easily be removed from computers
  • Direct access to the Capture screen with the ability to define the time range of data collection, define collection per app in a Search Profile, select Captures and apps before a live or boot scan, and exclude folders

 

Analyze

 

  • Leverage facial analysis age detection to quickly sort and identify infants, toddlers, children, and adults
  • View results while a scan is running
  • View chat conversations with bubbles to easily identify the senders and receivers with “Message Thread” hyperlink to select individual conversations
  • View thumbnail(s) of attached reference files (displays them in the HTML/PDF report as well)
  • In gallery view, filter out images that aren’t rendered
  • Filter search results with sorting and search capabilities (dates, hash values, tags, text filters, and more)
  • Search scan results using keywords, with results categorized by record type
  • View pictures and videos organized by visual classes such as people, faces, currency, weapons, vehicles, indecent pictures of children
  • View links between files of interest and user’s activities such as recently accessed files, downloaded files, attachments, and more
  • View highlighted encrypted files in the scan summary
  • Redact previews when exporting a report
  • Comprehensive video preview and frame extraction
  • Automatically tag hash and keyword matches
  • Define new file types and select individual ones to be processed
  • Display provenance, including comprehensive metadata, of all relevant files and artifacts
  • Reorder or disable post-scan tasks (classification of pictures, videos, or entity extraction) to run in the Viewer
  • ADD-ON: Entity Extraction and Language Translation Gisting (230 languages) available

 

Report

 

  • Precisely select which files and artifacts to export
  • Import hash values from a VICS/CAID database with the possibility to select categories
  • Import keyword list and prompt for default tags and comments if none are in the CSV file
  • Import hash values from the CSV file and prompt for default tags and comments if none are in the CSV file
  • Export errors when importing keywords or hash values
  • Log issues when importing data
  • Customize your report to show specific columns and redact pictures
  • Present information in a table or list
  • Include original files or previews only
  • HTML, PDF, and CSV reporting options
  • Export to other forensics applications with VICS / Project VIC (JSON) or CSV formats
  • Share scan results with a portable standalone viewer

 

Product Description

 

The Digital Evidence Investigator PRO Kit Includes:

 

  • One Licensed Digital Evidence Investigator® PRO Software Authentication Key
  • One Portable Travel Case
  • One 500GB SSD Collection Drive
  • One 4 Port USB Hub
  • One USB-A to iOS 30-pin Cable
  • One USB-A to iOS Lightning Cable
  • One USB-A to MicroUSB Cable
  • One USB-A to USB-C adapter
  • One Adapter USB-C to Ethernet and 3 USB-A
  • One Ethernet Cable
  • One USB-A to USB-C Cable
  • One USB-C to USB-C Cable
  • Software Maintenance and Support

 

Technical Specs

 

Recommended Technical Specs:

 

  • Windows 10 64-bit
  • Intel i7 CPU
  • 8GB Minimal, 16GB of RAM Recommended
  • 500GB PCIe NVMe SSD hard drive