ATRIO™ is a powerful, all-in-one hardware/software solution that fits in the palm of your hand. ATRIO™ features all of the forensics capabilities our customers expect, but with the added advantage of our patented simultaneous acquisition and exploitation capability. Using this capability, ATRIO™ creates a full physical forensic image of your evidence and begins to triage and review the data with as little as 5% acquisition completed. No more waiting for acquisition to finish and then transferring the data to another tool to begin the exploitation process! ATRIO’s intuitive, tactile button panel and easy-to navigate, intelligently-organized output welcome non-technical users into the world of digital forensics, so everyone can get more done. In the office or on-the-go, ATRIO™ is ready when you are.

• ATRIO™ has the ability to both acquire and exploit media on the fly with no or minimal impact to the acquisition timeline. The result is that the user has reviewable data as well as the forensic image in a time comparable to traditional acquisition times

• ATRIO™ will automate additional exploitation processing like file carving, registry extraction, web browser history, and object detection to name a few avoiding the manual process of stepping through each task

• ATRIO™ has the ability to process multiple E01 images previously acquired and stored on a single source drive. This automates the process of exploiting multiple images

• ATRIO™ includes hashing, wiping, virus scanning, experimental Artificial Intelligence support, and includes the NSRL database in the hashing capabilities

• The user interface is designed to be operated quickly with minimal forensics experience

ATRIO™ is a NIST approved Forensic Media Preparation and Disk Imaging Tool and the verification reports are published by the Department of Homeland Security. ATRIO™ uses a NIST tested software write block to maintain a read-only standard on the source port in order to protect the integrity of the data on the evidence device. At no point can the source port be used to auto mount a device or place it in a writeable configuration.

There is no additional software required to be purchased or installed. Everything that ATRIO™ produces is in non-proprietary formats so that anyone can work with the data. As long as the device can be connected via USB to the Source port, there is no additional hardware required.

ATRIO™ currently supports the acquisition and analysis of all current and past Windows operating systems, Unix/Linux distributions, and HFS+ macOS systems. In addition, ATRIO has the ability to extract and analyze Android Mobile file systems, backups, and installed memory cards.

ATRIO™ is designed to be as simple to use as possible, this includes the results. All output is in non-proprietary structures and formats. The output from ATRIO™ is an organized folder structure containing the exploited data with supplemental text and reporting html. The folders are organized by partitions so you know where the data came from and then each partition will contain the content type that ATRIO™ found. There is no need to download or learn additional software to review the results.