AD Triage from AccessData is an easy-to-use forensically sound triage tool for the on-scene preview and acquisition of computers that are live or have been shut down. Built on FTK technology, AD Triage is ideal for users who are inexperienced with computer forensics software, but need to preserve evidence in the field. Using AD Triage you can preview the file system and target data by criteria, including keyword(s), hash, regular expression, file size, date and time, extensions, file path and illicit images. In addition, users can collect network and system information, as well as live memory. It allows you to acquire the full disk, a volume, or peripheral devices, saving data to a USB device, an external hard drive or exporting the data to a designated location on the same network.
AD Triage version 2.1 brings the following enhancements:
Kiosk will bring up a new dialog giving users the option to select one of the predefined Profiles to execute.
Capture screenshots of individual windows including those that have been minimized, moved off screen or made “invisible.”
AD Triage now captures additional information from USB devices (first time it was seen by OS, date last mounted, user that mounted it, known drive letters and volumes associated with the device).
Administrators can now predefine the UNC Export Path.
Read and Write to USB 3.0 devices and more