Difference between pages "Tools:Network Forensics" and "ADF Solutions"

From ForensicsWiki
(Difference between pages)
(Network Forensics Packages and Appliances)
 
(Contact)
 
Line 1: Line 1:
=Network Forensics Packages and Appliances=
+
ADF Solutions is a Maryland-based company that develops automated tools for forensic investigation.
; [[E-Detective]]
+
: http://www.edecision4u.com/
+
: http://www.digi-forensics.com/home.html
+
  
; [[Burst]]
+
=Contact=http://www.forensicswiki.org/w/skins/common/images/button_headline.png
: http://www.burstmedia.com/release/advertisers/geo_faq.htm
+
ADF Solutions, Inc.<br>
: Expensive [[IP geolocation]] service.
+
7910 Woodmont Ave. Suite 260<br>
 +
Bethesda, MD 20814<br>
 +
http://www.adfsolutions.com/
  
; [[chkrootkit]]
+
=Overview=
: http://www.chkrootkit.org
+
<p> [http://www.adfsolutions.com Advanced Digital Forensic Solutions, Inc.](ADF Solutions, Inc., or ADF Solutions) is a privately held, minority-owned small business based in Bethesda, Maryland. The company was founded in 2005 by J.J. Wallia and Raphael Bousquet. </p>
 +
<p>ADF Solutions develops tools for media exploitation (MEDEX) and [[digital forensics]] triage. These tools scan computers and digital devices and rapidly extract intelligence and evidence to identify individuals who are a threat to public safety or national security. They are used in digital forensic labs and used by field operatives in defense, intelligence, law enforcement, border security, and other government agencies worldwide. </p>
  
; [[cryptcat]]
+
=ADF Products=
: http://farm9.org/Cryptcat/
+
<p>ADF offers [http://http://www.adfsolutions.com/products/ three main products]: Triage-G2, Triage-Examiner, and Triage-Responder. </p>
 +
<p>[http://www.adfsolutions.com/products/triage-g2 Triage-G2] is a media exploitation ([[MEDEX]]) tool used by field operatives to extract intelligence from computers and peripheral devices. Triage-G2 was specifically designed to be used by nontechnical operators and deployed using a small, portable triage key (a 32GB USB drive) that doesn’t require a computer or other heavy equipment for field deployment. The keys can be prepared in advance at the base or in the field by using one click to select mission-specific search criteria. Triage-G2 is used by several U.S. defense and intelligence agencies. </p>
 +
<p>[http://www.adfsolutions.com/products/triage-examiner Triage-Examiner] is used by forensic examiners to scan suspect computers and prioritize the computers for full forensic examinations. Triage-Examiner is used by [[Law Enforcement]] agencies worldwide. Triage-Examiner Lab Add-On is an additional software component that works with Triage-Examiner for examiners who need to run the software on their laptops or forensic workstations to scan drive images, physical drives, DVDs, CDs, and other removable media that are connected to the workstation. </p>
 +
<p>[http://www.adfsolutions.com/products/triage-responder Triage-Responder ]is designed for nontechnical law enforcement investigators in the field to scan suspect computers for evidence of a crime. This tool also uses lightweight USB deployment and provides detailed field reporting capabilities. This tool was developed in partnership with the U.S. Department of Homeland Security Science and Technology Directorate. </p>
  
; [[Enterasys Dragon]]
+
=Discontinued Products=
: http://www.enterasys.com/products/advanced-security-apps/index.aspx
+
• Triage-ID® <br>
: Instrusion Detection System, includes session reconstruction.
+
• Triage-Lab® <br>
 +
• Triage-Investigator®
  
 +
=ADF Patented Technology=
 +
ADF Solutions has been granted two U.S. patents (#7,941,386 and #8,219,588) for its SearchPak® technology.
  
; [[ipfix]]/[[netflow v5/9]]
+
=SearchPak®=
: http://www.mantaro.com/products/MNIS/collector.htm
+
<p>The SearchPak is a container of forensic search intelligence. It allows analysts and operators to precisely describe the forensic search or data exploitation to be conducted on a target system. As a secure container, the SearchPak can be used to automate recurring data exploitation jobs and can be shared among agencies or between operators.
: MNIS Collector is an IPFIX collector which also supports legacy Netflow. It was designed to be used with the MNIS Exporter, which is a Deep Packet Inspection probe that can be used to decode 300+ protocols on up to 20 Gbps and report the information in IPFIX.
+
SearchPaks can be user-defined and are encrypted with an AES 256-bit [[encryption]] key. </p>
 +
<p>Agencies can create their own SearchPaks and share them among examiners, teams, and other operators.</p>
  
 +
<p>SearchPaks can be generic or mission-specific: </p>
 +
Examples of Generic SearchPaks <br>
 +
<blockquote>• Collect all pictures, videos, and documents accessed in the past six months on a target machine. <br>
 +
• Detect any installed application that can facilitate hiding data. <br>
 +
• Collect all iPhone backup files. </blockquote>
 +
Examples of Mission-Specific SearchPaks <br>
 +
<blockquote>• Collect files that match a set of known hash values. <br>
 +
• Collect all documents, text files, or emails that contain the keyword “Operation Kandahar.”</blockquote>
  
; [[Mantaro Network Intelligence Solutions (MNIS)]]
+
=DHS S&T First Responder Cyber Forensic Field Kit=
: http://www.mantaro.com/products/MNIS/index.htm
+
In 2010, ADF Solutions was selected by the U.S. Department of Homeland Security Science and Technology Directorate to develop a universal forensic triage field kit that would aid law enforcement officers in extracting information and evidence from computers and other devices being examined in active criminal or terrorist investigations. Once extracted, the data can immediately be viewed, so investigators can take appropriate action while saving the data for future forensic analysis.
: MNIS  is a comprehensive and scalable network intelligence platform for network forensics and various other applications. It is built on high speed Deep Packet Inspection and metadata alerting.  It can be used to understand network events before and after an event. It scales from LAN environments to 20 Gbps service provider networks.
+
<p>As the result of this DHS initiative, ADF Solutions released Triage-Responder in 2012. The tool is being deployed to federal, state, and local law enforcement agencies throughout the U.S.</p>
: http://www.mantaro.com/products/MNIS/network_intelligence_applications.htm#network_forensics
+
  
 +
=Media Exploitation=
 +
ADF Solutions focuses on digital forensic triage and can be applied to document and media exploitation. Triage-G2 has features designed specifically for media exploitation. <p>
 +
According to technopedia.com, document and media exploitation is defined as the extraction, translation, and analysis of physical and digital documents and media to generate useful and timely information. Also known as DOMEX, it is a very similar discipline to computer forensics or digital forensics.</p> 
  
; [[MaxMind]]
+
=Company Timeline=
: http://www.maxmind.com
+
: [[IP geolocation]] services and data provider for offline geotagging. Free GeoLite country database. Programmable APIs.
+
  
; [[netcat]]
+
2005: ADF Triage-ID® field forensic triage tool is released <br>
: http://netcat.sourceforge.net/
+
2006: ADF Triage-Lab® forensic triage tool for laboratory is released <br>
 +
2008: ADF Solutions releases Triage-Live®, a forensic triage tool to scan a powered-on computer <br>
 +
2009: ADF Solutions granted U.S. patent for forensic triage technology <br>
 +
2010: Complete ADF Triage platform released: Triage-Examiner® and Triage-G2® <br>
 +
2010: ADF Solutions granted another U.S. patent for forensic triage technology <br>
 +
2011: ADF awarded contract from the U.S. Department of Homeland Security to build triage “First Responder Cyber Forensic Field Kit” <br>
 +
2012: ADF releases Triage-Responder®, a forensic triage tool designed specifically for first responders and nontechnical investigators <br>
  
 +
=News=
 +
<p>Digital forensic triage and/or ADF Solutions has been described or highlighted in many different publications:</p>
 +
• [http://www.adfsolutions.com/about/driving-efficiencies-npia-pilot-program-is-a-major-success-describes-article "NPIA Pilot Program Is a Major Success"] <br>
 +
• [http://www.adfsolutions.com/about/success-of-npia-eforensics-pilot-set-to-help-forces-bring-more-offenders-to-justice-quicker Success of NPIA e-Forensics pilot set to help forces bring more offenders to justice quicker (NPIA Press Release)]<br>
 +
• [http://www.scmagazine.com/adf-solutions-triage-examiner/review/3645/ SC Magazine Issues 5-Star Rating of Triage-Examiner 3.3]<br>
 +
• [http://f-interviews.com/2012/03/01/interview-with-harry-parsonage/ Insights into Digital Forensics: Interview with Harry Parsonage]<br>
 +
• [http://www.nottinghamshire.police.uk/newsandevents/news/2012/february/13/software_helps_capture_online_paedophiles/ Digital Forensic Triage Gets Tangible Results, Secures Convictions]<br>
 +
• [http://www.publicservice.co.uk/news_story.asp?id=18041 Police to speed up e-forensics to bring offenders to justice]<br>
 +
• [http://www.popularmechanics.com/technology/military/news/the-special-operations-forensic-tool-kit-metal-tec-1400#slide-10 Popular Mechanics: The Special Operations Forensic Tool Kit]<br>
 +
• [http://www.thisisnottingham.co.uk/New-software-help-police-catch-web-paedophiles/story-12264526-detail/story.html New software to help police catch web paedophiles (Nottingham Post)]<br>
 +
• [http://cyberspeak.libsyn.com/cyber-speak-november-1-2010http-adfsolutions-com- ADF on CyberSpeak’s Podcast]<br>
 +
• [http://www.dfinews.com/article/parameters-selecting-triage-tool DFI News: Parameters for Selecting a Triage Tool]<br>
 +
• [http://www.adfsolutions.com/about/graduates-find-incubators-help-breed-success Graduates Find Incubators Help Breed Success]<br>
 +
• [http://www.adfsolutions.com/about/uk-force-has-cut-huge-backlog-using-new-triage-id-scanning-software UK force has cut huge backlog using new Triage-ID scanning software]<br>
 +
• [http://www.adfsolutions.com/about/uk-police-we-need-crime-breathalysers-for-pcs UK police: ‘We need crime breathalysers for PCs’]<br>
 +
• [http://www.adfsolutions.com/about/smart-software-helps-secure-quick-conviction Smart software helps secure quick conviction]<br>
 +
• [http://www.adfsolutions.com/wp/wp-content/uploads/notts-police-leads-uk-in-chil1.pdf Notts Police Lead UK in Child Porn Fight]<br>
 +
• [http://www.adfsolutions.com/wp/wp-content/uploads/times-colonist-digital-times-colonist-23-apr-2007.pdf Child porn scanner averts cop burnout]<br>
 +
• [http://www.adfsolutions.com/wp/wp-content/uploads/ICYA2006Finalists.pdf Finalists Selected for 2006 Maryland Incubator Company of the Year Awards]<br>
 +
• [http://www.washingtonpost.com/wp-dyn/content/article/2006/03/26/AR2006032600808.html Washington Post – Start-Up section]<br>
 +
• [http://www.adfsolutions.com/wp/wp-content/uploads/mips_r37_release1.pdf New Cancer Test, Arthritis Treatment, Digital Forensic Tool Among 14 Announced University of Maryland MIPS Research Projects]
  
; [[netflow]]/[[flowtools]]
+
=Social Media and other Websites=
: http://www.cisco.com/warp/public/732/Tech/nmp/netflow/index.shtml
+
<H4>Social media</H4>
: http://www.splintered.net/sw/flow-tools/
+
<p>[http://www.facebook.com/adfsolutions Facebook]<br>
: http://silktools.sourceforge.net/
+
[https://twitter.com/adfsolutions Twitter]<br>
: http://www.vmware.com/vmtn/appliances/directory/293 Netflow Appliance (VMWare)
+
[http://www.linkedin.com/company/247174?goback=%2Efcs_GLHD_adf+solutions_false_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2&trk=ncsrch_hits LinkedIn]<br>
 +
[http://www.youtube.com/user/ADFSolutionsInc You Tube]<br>
 +
[https://plus.google.com/u/0/116499277699076435840/posts Google+]</p>
 +
<H4>Other Websites</H4>
 +
[http://www.adfsolutions.com ADF Solutions]<br>
 +
[http://www.forensictriage.com Forensic Triage]<br>
 +
[http://www.mediaexploitation.com Media Exploitation]
  
; NetDetector
 
: http://www.niksun.com/product.php?id=4
 
: NetDetector is a full-featured appliance for network security surveillance, signature-based anomaly detection, analytics and forensics. It complements existing network security tools, such as firewalls, intrusion detection/prevention systems and switches/routers, to help provide comprehensive defense of hosted intellectual property, mission-critical network services and infrastructure
 
  
 
+
[[category:ADOMEX]]
; NetIntercept
+
: http://www.sandstorm.net/products/netintercept
+
: NetIntercept captures whole packets and reassembles up to 999,999 TCP connections at once, reconstructing files that were sent over your network and creating a database of its findings. It recognizes over 100 types of network protocols and file types, including web traffic, multimedia, email, and IM.
+
 
+
; NetVCR
+
: http://www.niksun.com/product.php?id=3
+
: NetVCR delivers comprehensive real-time network, service and application performance management. It is an integrated, single-point solution that decisively replaces multiple network performance monitoring and troubleshooting systems. NetVCR’s scalable architecture easily adapts to data centers, core networks, remote branches or central offices for LAN and WAN requirements
+
 
+
;NIKSUN Full Function Appliance
+
: http://www.niksun.com/product.php?id=11
+
: NIKSUN’s Full-Function Appliance combines the value of both NetDetector and NetVCR for complete network performance and security surveillance. This plug-and-play appliance offers customers a complete range of network security and performance monitoring solutions that identify, capture and analyze the root-cause of any security or network incident the first time! The unique enterprise-wide network visibility provided by this product is extremely attractive to large enterprises requiring an integrated and proactive solution to combat the constant barrage of security and network incidents such as worms, viruses, Trojan-horse attacks, Denial of Service (DoS) attacks, outages, overload and service slowdown, etc.
+
 
+
; NetOmni
+
: http://www.niksun.com/product.php?id=1
+
: NetOmni provides global visibility across the network so IT professionals can manage multiple products and vendors from one central location. NetOmni streamlines the network management process in a manner conducive to a “best-practices” model that ensures Service Level Agreements (SLA), Quality of Services (QoS) and maximum revenue opportunities.
+
 
+
; NISUN Puma Portable
+
: http://www.niksun.com/product.php?id=15
+
: NIKSUN's Puma, a portable network monitoring appliance, allows customers to leverage the state-of-the-art network performance, security and compliance monitoring technology as a robust luggable appliance that can be conveniently used in the field. Deployed in a few short steps, Puma offers with exceptional functionality of NIKSUN's renowned performance and security monitoring technology within minutes to field personnel. Puma, is now capable of monitoring networks at 10G speeds. The incorporation of real-time 10G monitoring to the Puma feature-set enhances the already excellent value that Puma provides to customers, making it the go-to portable monitoring and forensics tool for network professionals
+
 
+
 
+
; [[ipfix]]/[[netflow v5/9]]
+
: http://www.mantaro.com/products/MNIS/collector.htm
+
: MNIS Collector is an IPFIX collector which also supports legacy Netflow.  It was designed to be used with the MNIS Exporter, which is a Deep Packet Inspection probe that can be used to decode 300+ protocols on up to 20 Gbps and report the information in IPFIX.
+
 
+
 
+
 
+
; [[NetworkMiner]]
+
: http://sourceforge.net/projects/networkminer/
+
: http://www.netresec.com/?page=NetworkMiner
+
: NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files. The purpose of NetworkMiner is to collect data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network. The main view is host centric (information grouped per host) rather than packet centric (information showed as a list of packets/frames). NetworkMiner has, since the first release in 2007, become popular tool among incident responce teams as well as law enforcement. NetworkMiner is today used by companies and organizations all over the world.
+
: NetworkMiner is available both as a [http://sourceforge.net/projects/networkminer/ free open source tool] and as a [http://www.netresec.com/?page=NetworkMiner commercial network forensics tool].
+
 
+
; [[rkhunter]]
+
: http://rkhunter.sourceforge.net/
+
 
+
; [[ngrep]]
+
: http://ngrep.sourceforge.net/
+
 
+
; [[nslookup]]
+
: http://en.wikipedia.org/wiki/Nslookup
+
: Name Server Lookup command line tool used to find IP address from domain name.
+
 
+
; [[Sguil]]
+
: http://sguil.sourceforge.net/
+
 
+
; [[Snort]]
+
: http://www.snort.org/
+
 
+
; [[ssldump]]
+
: http://ssldump.sourceforge.net/
+
 
+
; [[tcpdump]]
+
: http://www.tcpdump.org
+
 
+
; [[tcpxtract]]
+
: http://tcpxtract.sourceforge.net/
+
 
+
; [[tcpflow]]
+
: http://www.circlemud.org/~jelson/software/tcpflow/
+
 
+
; [[truewitness]]
+
: http://www.nature-soft.com/forensic.html
+
: Linux/open-source. Based in India.
+
 
+
; [[OmniPeek]] by [[WildPackets]]
+
: http://www.wildpackets.com/solutions/network_forensics
+
: http://www.wildpackets.com/products/network_analysis/omnipeek_network_analyzer/forensics_search
+
: OmniPeek is a network forensics tool used to capture, store, and analyze historical network traffic.
+
 
+
; [[Whois]]
+
: http://en.wikipedia.org/wiki/WHOIS Web service and command line tool to look up registry information for internet domain.
+
: http://www.arin.net/registration/agreements/bulkwhois.pdf Bulk WHOIS data request from ARIN
+
 
+
; [[IP Regional Registries]]
+
: http://www.arin.net/community/rirs.html
+
: http://www.arin.net/index.shtml American Registry for Internet Numbers (ARIN)
+
: http://www.afrinic.net/ African Network Information Center (AfriNIC)
+
: http://www.apnic.net/ Asia Pacific Network Information Centre (APNIC)
+
: http://www.lacnic.net/en/ Latin American and Caribbean IP Address Regional Registry (LACNIC)
+
: http://www.ripe.net/ RIPE Network Coordination Centre (RIPE NCC)
+
 
+
; [[Wireshark]] / Ethereal
+
: http://www.wireshark.org/
+
: Open Source protocol analyzer previously known as ethereal.
+
 
+
; [[Kismet]]
+
: http://www.kismetwireless.net/
+
: Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
+
 
+
; [[Xplico]]
+
: http://www.xplico.org/
+
: Open Source Network Forensic Analysis Tool (NFAT). Protocols supported: [http://www.xplico.org/status HTTP, SIP, FTP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...]
+
 
+
=Command-line tools=
+
 
+
[[arp]] - view the contents of your ARP cache
+
 
+
[[ifconfig]] - view your mac and IP address
+
 
+
[[ping]] - send packets to probe remote machines
+
 
+
[[SplitCap]] http://splitcap.sourceforge.net/ - SplitCap is a free open source pcap file splitter.
+
 
+
[[tcpdump]] - capture packets
+
 
+
[[snoop]] - captures packets from the network and displays their contents ([[Solaris]])
+
 
+
[[nemesis]] - create arbitrary packets
+
 
+
[[tcpreplay]] - replay captured packets
+
 
+
[[traceroute]] - view a network path
+
 
+
[[gnetcast]] - GNU rewrite of netcat
+
 
+
[[packit]] - packet generator
+
 
+
[[nmap]] - utility for network exploration and security auditing
+
 
+
[[Xplico]] Open Source Network Forensic Analysis Tool (NFAT)
+
 
+
==ARP and Ethernet MAC Tools==
+
 
+
[[arping]] - transmit ARP traffic
+
 
+
[[arpdig]] - probe LAN for MAC addresses
+
 
+
[[arpwatch]] - watch ARP changes
+
 
+
[[arp-sk]] - perform denial of service attacks
+
 
+
[[macof]] - CAM table attacks
+
 
+
[[ettercap]] - performs various low-level Ethernet network attacks
+
 
+
==CISCO Discovery Protocol Tools==
+
[[cdpd]] - transmit and receive CDP announcements; provides forgery capabilities
+
 
+
==ICMP Layer Tests and Attacks==
+
[[icmp-reset]]
+
 
+
[[icmp-quench]]
+
 
+
[[icmp-mtu]]
+
 
+
[[ish]] - ICMP shell (like SSH, but uses ICMP)
+
 
+
[[isnprober]]
+
 
+
==IP Layer Tests==
+
[[iperf]] - IP multicast test
+
 
+
[[fragtest]] - IP fragment reassembly test
+
 
+
==UDP Layer Tests==
+
 
+
[[udpcast]] - includes UDP-receiver and UDP-sender
+
 
+
==TCP Layer==
+
 
+
[[lft]] http://pwhois.org/lft - TCP tracing
+
 
+
[[etrace]] http://www.bindshell.net/tools/etrace
+
 
+
[[firewalk]] http://www.packetfactory.net
+

Revision as of 19:20, 10 December 2012

ADF Solutions is a Maryland-based company that develops automated tools for forensic investigation.

Contact

ADF Solutions, Inc.
7910 Woodmont Ave. Suite 260
Bethesda, MD 20814
http://www.adfsolutions.com/

Overview

Advanced Digital Forensic Solutions, Inc. (ADF Solutions, Inc., or ADF Solutions) is a privately held, minority-owned small business based in Bethesda, Maryland. The company was founded in 2005 by J.J. Wallia and Raphael Bousquet.

ADF Solutions develops tools for media exploitation (MEDEX) and digital forensics triage. These tools scan computers and digital devices and rapidly extract intelligence and evidence to identify individuals who are a threat to public safety or national security. They are used in digital forensic labs and by field operatives in defense, intelligence, law enforcement, border security, and other government agencies worldwide.

ADF Products

ADF offers three main products: Triage-G2, Triage-Examiner, and Triage-Responder.

Triage-G2 is a media exploitation (MEDEX) tool used by field operatives to extract intelligence from computers and peripheral devices. Triage-G2 was specifically designed to be used by nontechnical operators and deployed using a small, portable triage key (a 32GB USB drive) that doesn’t require a computer or other heavy equipment for field deployment. The keys can be prepared in advance at the base or in the field by using one click to select mission-specific search criteria. Triage-G2 is used by several U.S. defense and intelligence agencies.

Triage-Examiner is used by forensic examiners to scan suspect computers and prioritize the computers for full forensic examinations. Triage-Examiner is used by Law Enforcement agencies worldwide. Triage-Examiner Lab Add-On is an additional software component that works with Triage-Examiner for examiners who need to run the software on their laptops or forensic workstations to scan drive images, physical drives, DVDs, CDs, and other removable media that are connected to the workstation.

Triage-Responder is designed for nontechnical law enforcement investigators in the field to scan suspect computers for evidence of a crime. This tool also uses lightweight USB deployment and provides detailed field reporting capabilities. This tool was developed in partnership with the U.S. Department of Homeland Security Science and Technology Directorate.

Discontinued Products

• Triage-ID®
• Triage-Lab®
• Triage-Investigator®

ADF Patented Technology

ADF Solutions has been granted two U.S. patents (#7,941,386 and #8,219,588) for its SearchPak® technology.

SearchPak®

The SearchPak is a container of forensic search intelligence. It allows analysts and operators to precisely describe the forensic search or data exploitation to be conducted on a target system. As a secure container, the SearchPak can be used to automate recurring data exploitation jobs and can be shared among agencies or between operators. SearchPaks can be user-defined and are encrypted with an AES 256-bit encryption key.

Agencies can create their own SearchPaks and share them among examiners, teams, and other operators.

SearchPaks can be generic or mission-specific:

Examples of Generic SearchPaks

• Collect all pictures, videos, and documents accessed in the past six months on a target machine.

• Detect any installed application that can facilitate hiding data.

• Collect all iPhone backup files.

Examples of Mission-Specific SearchPaks

• Collect files that match a set of known hash values.
• Collect all documents, text files, or emails that contain the keyword “Operation Kandahar.”

DHS S&T First Responder Cyber Forensic Field Kit

In 2010, ADF Solutions was selected by the U.S. Department of Homeland Security Science and Technology Directorate to develop a universal forensic triage field kit that would aid law enforcement officers in extracting information and evidence from computers and other devices being examined in active criminal or terrorist investigations. Once extracted, the data can immediately be viewed, so investigators can take appropriate action while saving the data for future forensic analysis.

As the result of this DHS initiative, ADF Solutions released Triage-Responder in 2012. The tool is being deployed to federal, state, and local law enforcement agencies throughout the U.S.

Media Exploitation

ADF Solutions focuses on digital forensic triage, and its tools can be applied to document and media exploitation. Triage-G2 has features designed specifically for media exploitation.

According to technopedia.com, document and media exploitation is defined as the extraction, translation, and analysis of physical and digital documents and media to generate useful and timely information. Also known as DOMEX, it is a very similar discipline to computer forensics or digital forensics.

Company Timeline

2005: ADF Triage-ID® field forensic triage tool is released
2006: ADF Triage-Lab® forensic triage tool for laboratory is released
2008: ADF Solutions releases Triage-Live®, a forensic triage tool to scan a powered-on computer
2009: ADF Solutions granted U.S. patent for forensic triage technology
2010: Complete ADF Triage platform released: Triage-Examiner® and Triage-G2®
2010: ADF Solutions granted another U.S. patent for forensic triage technology
2011: ADF awarded contract from the U.S. Department of Homeland Security to build triage “First Responder Cyber Forensic Field Kit”
2012: ADF releases Triage-Responder®, a forensic triage tool designed specifically for first responders and nontechnical investigators

News

Digital forensic triage and/or ADF Solutions has been described or highlighted in many different publications:

"NPIA Pilot Program Is a Major Success"
Success of NPIA e-Forensics pilot set to help forces bring more offenders to justice quicker (NPIA Press Release)
SC Magazine Issues 5-Star Rating of Triage-Examiner 3.3
Insights into Digital Forensics: Interview with Harry Parsonage
Digital Forensic Triage Gets Tangible Results, Secures Convictions
Police to speed up e-forensics to bring offenders to justice
Popular Mechanics: The Special Operations Forensic Tool Kit
New software to help police catch web paedophiles (Nottingham Post)
ADF on CyberSpeak’s Podcast
DFI News: Parameters for Selecting a Triage Tool
Graduates Find Incubators Help Breed Success
UK force has cut huge backlog using new Triage-ID scanning software
UK police: ‘We need crime breathalysers for PCs’
Smart software helps secure quick conviction
Notts Police Lead UK in Child Porn Fight
Child porn scanner averts cop burnout
Finalists Selected for 2006 Maryland Incubator Company of the Year Awards
Washington Post – Start-Up section
New Cancer Test, Arthritis Treatment, Digital Forensic Tool Among 14 Announced University of Maryland MIPS Research Projects

Social Media and other Websites

Social media

Facebook
Twitter
LinkedIn
YouTube
Google+

Other Websites

ADF Solutions
Forensic Triage
Media Exploitation