The SuperImager® Plus 8” Field Unit – i7 Edition – 256GB and with (Dual Boot Option) is a mobile, compact and extremely fast Forensic Imaging unit that can serve as a complete Field Computer Forensic Investigation platform. The unit runs under Linux Ubuntu 64 bit. The SuperImager application can perform extremely fast E01 compression, and allows the user to control the number of compression threads (up to 16 threads). Forensic imaging speed can reach up to 29GB/min, and Hash authentication speed can reach up to 31GB/min, when using SSD drives!
Some examples of the unit’s performance as a Forensic Imager:
• Complete Hash verification operation with SHA-1 enabled on SSD @ 31GB/min, on WD 1TB Blue @ 10GB/min
• Complete Forensic Imaging 1:2 with SHA-1 enabled on 3 SanDisk Extreme II 120GB SSD @ 29GB/min
• Forensic Imaging of 1:2 with E01 format with compression level 1 @ 8GB/min (Suspect Drive was full with 50% of random data and the compression rate was 66%)
The Unit Build: The unit is very compact and easy to carry, and has a built-in 8” Touchscreen color LCD display, 4 native SAS/SATA ports, 8 native USB3.0 ports, e-SATA port, 1Gigabit Ethernet ports, HDMI and DP port support, and audio ports.
The Field Unit as Forensic Imaging Tool: In one read pass from the “Suspect” HDD, the SuperImager Plus application can run the following operations simultaneously: Forensic Imaging with E01 format and full compression, Encryption with AES256, simultaneously calculate 3 Hash Verification and Authentication values (MD5, SHA1, SHA2), a quick Binary Keyword Search, and Saving the captured Forensic Images to 2 “Evidence” hard disk drives, to a local network, and to external compact USB3.0/e-SATA TB RAID encrypted storage. The basic Forensic Imaging mode can be 1:1, 1:2, 1:3, 2:2 for SAS/SATA and USB3.0 storage devices.
The Unit as Complete Forensic Platform: In addition the unit can serve as a platform for a Forensic investigator to run a complete investigation and to perform:
1) Cellphones and Tablets data Extraction and Analysis
2) Forensic Triage data collection
3) A complete Computer Forensic investigation Analysis with applications such as: Nuix, FTK, EnCase, ProDiscover
The Unit as Data Eraser: Supports DoD and Security Erase and Enhanced Security Erase protocols that are NIST 800-88 compliant.
The Unit Performance: The SuperImager Plus 8″ Field unit is one of the top-of-the-line forensic imaging devices on the market today. It will outperform many units running Windows with an i7 CPU.
The unit comes in 3 Optional configurations:
1) Basic model
2) Express Port enabled model – where the user can plug in optional Express Card adapters like 1394 devices, or PCIE memory cards
3) Expansion Port enabled model – where the user can plug in an optional Expansion Box and connect SCSI hard disk drives
Main Hardware Features
- Forensic Images Destination: The user can save Forensic Images to a local network shared folder for easy access and analysis, or save images to external USB3.0 RAID (encryption is optional) storage at very good speed
- Captured Storage Protocols and Interfaces: SAS, SATA, e-SATA enclosures, IDE, USB2.0, USB3.0, MMC, M.2 (NGFF)*, 1394*, and SCSI*
- Form Factors: Capture data from various form factor devices: 3.5″, 2.5″, ZIF, 1.8″, Micro-SATA, Mini-SATA, PCIE*, Mini PCIE*, M.2(NGFF)*
- Cross Copy from Ports and Interfaces: The user can choose to capture from one type of port, storage protocol and interface, and save the forensic Images into a different port, storage protocol and interface. The cross copy of data can be done between SAS/SATA/IDE/USB/SCSI/1394 interfaces
- GUI: The application is built with large icons and is very simple and easy to navigate. In a few clicks the user can set the operation, and it will be quickly up and running
- Speed: Extremely fast – tested with Hash verification operation with SHA-1 enabled, the recorded top speed was 30GB/min with a Solid State Drive, and 10GB/min with a 1TB WD Blue SATA-3 Hard Disk Drive
Extreme Speed when performing Forensic capture with E01/Ex01 formats and with full Compression:
The new Linux-based SuperImager Plus application utilizes and optimizes multiple CPU cores to achieve one of the most efficient operations, while performing at incredibly high speeds with E01/Ex01 compression. The application allows users to manually select and adjust the number of threads and the level of compression used during each session.
Forensic data capture with EnCase E01/Ex01 formats with full compression is a widely used operation in the forensic industry, and generally requires a trade-off between speed, space, and the time needed for uncompressing by the EnCase application.
Comparative tests show a 20% increase in speed when using the SuperImager Plus Linux-based application over the SuperImager Windows-based application. Tests were performed with the same hardware and the same hard disk drives (filled with 43% of random data), and the same level 1 of compression. The Linux-based application was set to use 16 compression threads.
Hash Authentication: Simultaneously calculates on-the-fly up to 3 Hash Authentication values MD5/SHA-1/SHA-2
Encryption: On-the-fly AES256 encryption of the “Suspect” Hard Disk Drive, saving the encrypted data on the “Evidence” Hard Disk Drive in 100%, DD, E01/Ex01 formats
Forensic Images can be saved in these formats: 100% Bit by Bit, Linux DD Format, EnCase E01/Ex01 formats, including options for optimized compression
Evidence Drive Formats: exFAT/FAT/NTFS/HFS/EXT4
Log Files: Audit trail in PDF or TXT format, with the ability to customize the reports and add a company logo
Drive Spanning: Supports spanning the captured data onto many “Evidence” drives when the Evidence drives are not large enough (also supports restore from spanned multiple drives)
Main application Features:
- Forensic Imaging Mode
- Forensic Restore of data back to original
- Erase data from drives and Quick Format
- Hash calculation authentication and verification
Main Forensic Imaging Mode Features:
- Forensic Imaging Mode 100%, DD, E01/Ex01 – with optional compression
- Hash while capture: MD5, SHA-1, SHA-2 (all 3 can be selected simultaneously)
- Erase Remainder of the drive