AD Triage 2.1 Available Now From AccessData

AD Triage from AccessData is an easy-to-use forensically sound triage tool for the on-scene preview and acquisition of computers that are live or have been shut down. Built on FTK technology, AD Triage is ideal for users who are inexperienced with computer forensics software, but need to preserve evidence in the field. Using AD Triage you can preview the file system and target data by criteria, including keyword(s), hash, regular expression, file size, date and time, extensions, file path and illicit images. In addition, users can collect network and system information, as well as live memory. It allows you to acquire the full disk, a volume, or peripheral devices, saving data to a USB device, an external hard drive or exporting the data to a designated location on the same network.

AD Triage version 2.1 brings the following enhancements:

Kiosk Mode
Kiosk will bring up a new dialog giving users the option to select one of the predefined Profiles to execute.

Screen Capture
Capture screenshots of individual windows including those that have been minimized, moved off screen or made “invisible.”

AD Triage now captures additional information from USB devices (first time it was seen by OS, date last mounted, user that mounted it, known drive letters and volumes associated with the device).

Get The Latest DFIR News!

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.

Administrators can now predefine the UNC Export Path.

Read and Write to USB 3.0 devices and more

View the AD Triage 2.1 Release Notes for detailed information (PDF)
Download Upgrade

Leave a Comment

Latest Videos

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...