AD Triage from AccessData is an easy-to-use forensically sound triage tool for the on-scene preview and acquisition of computers that are live or have been shut down. Built on FTK technology, AD Triage is ideal for users who are inexperienced with computer forensics software, but need to preserve evidence in the field. Using AD Triage you can preview the file system and target data by criteria, including keyword(s), hash, regular expression, file size, date and time, extensions, file path and illicit images. In addition, users can collect network and system information, as well as live memory. It allows you to acquire the full disk, a volume, or peripheral devices, saving data to a USB device, an external hard drive or exporting the data to a designated location on the same network.
AD Triage version 2.1 brings the following enhancements:
Kiosk Mode
Kiosk will bring up a new dialog giving users the option to select one of the predefined Profiles to execute.
Screen Capture
Capture screenshots of individual windows including those that have been minimized, moved off screen or made “invisible.”
USB
AD Triage now captures additional information from USB devices (first time it was seen by OS, date last mounted, user that mounted it, known drive letters and volumes associated with the device).
Export
Administrators can now predefine the UNC Export Path.
Read and Write to USB 3.0 devices and more
View the AD Triage 2.1 Release Notes for detailed information (PDF)
Download Upgrade