The SuperImager® Plus 8” SAS Forensic Field Unit (with Dual Boot Option) is a mobile, compact, easy-to-carry and extremely fast forensic imaging unit that can serve as a complete field computer forensic investigation platform. The unit runs Ubuntu Linux, an OS that is less targeted by malware, and it reduces the OS performance overhead, especially when it performs compression, by almost 20%.
The unit can be used to perform:
1) Multiple parallel Forensic Capture using Mirror copy, DD, E01/EX01 (with full compression) formats, Mixed-Format DD/E01, Selective Imaging of files and folders
2) Erase data from Evidence drive using DoD (ECE, E), Security Erase, Sanitize erase protocols
3) View the CAPTURED data directly on Ubuntu Desktop Screen
4) Encrypt the data while capturing (AES256)
5) Hash the data while capturing (all three at the same time: SHA-1, SHA-2, MD5)
6) Run a quick Keyword Search on the Suspect drive, prior to capture
7) Run multiple Cellphone/Tablet data Extraction and Analysis
8) Run Forensic Triage application
9) Run a full Forensic Analysis application like EnCase/Nuix/FTK
10) Run Virtual Drive Emulator
Case Study: Some examples of the unit’s performance:
- Complete Hash verification operation with SHA-1 enabled: on SSD @ 31GB/min, on WD 1TB Blue @ 10GB/min
- Complete Forensic Imaging 1:2 with SHA-1 enabled on 3 SanDisk Extreme II 120GB SSD @ 29GB/min
- Forensic Imaging of 1 to 2 with E01 format with compression level 1 @ 8GB/min (“Suspect” Hard Disk Drive was full with 50% of random data and the compression rate was 66%)
The unit has built in: 8” Touchscreen color LCD display, 4 native SAS/SATA ports in drive slots, 8 native USB3.0 ports, e-SATA port, 2 Generic USB2.0 ports, 1Gigabit/s Ethernet ports, eSATA port, HDMI port, and 3 audio ports. The unit can be expanded with an optional expansion port or express port to support SCSI and 1394 storage devices.
The SuperImager Plus 8” Rugged Forensic Field Unit as Forensic Imaging Tool: In one read pass from the “Suspect” Hard Disk Drive, the SuperImager Plus application can run the following operations simultaneously: Forensic Imaging in E01 format with full compression, encryption with AES256, calculation of 3 hash verification and authentication values (MD5, SHA-1, SHA-2), and saving the captured Forensic Images to 2 “Evidence” hard disk drives, to a local network, and to external compact USB3.0/e-SATA TB RAID encrypted storage. The basic Forensic Imaging mode can be 1:1, 1:2, 1:3, 2:2 for SAS/SATA and USB3.0 storage devices.
The Unit as Complete Forensic Platform: In addition, the unit can serve as a platform for a forensic investigator to run a complete investigation and to perform:
1) Cellphones and Tablets data Extraction and Analysis
2) Forensic Triage data collection
3) A complete Computer Forensic investigation Analysis with applications such as: Nuix, FTK, EnCase, ProDiscover
The Unit as Data Eraser: Supports DoD, Security Erase and Enhanced Security Erase protocols that are NIST 800-88 compliant.
The Unit's Performance: The SuperImager Plus 8″ Field unit is one of the top-of-the-line forensic imaging devices on the market today. It will outperform many units running Windows with an i7 CPU.
The unit comes in 3 Optional configurations:
1) Basic model
2) Express Port enabled model – where the user can plug in optional Express Card adapters like 1394 devices, or PCIE memory cards
3) Expansion Port enabled model – where the user can plug in an optional Expansion Box and connect SCSI hard disk drives
Main Hardware Features
- Forensic Images Destination: The user can save Forensic Images to a local network shared folder for easy access and analysis, or save images to external USB3.0 RAID storage (encryption is optional) at a very good speed
- Captured Storage Protocols and Interfaces: SAS, SATA, e-SATA enclosures, IDE, USB2.0, USB3.0, MMC, M.2 (NGFF)*, 1394*, and SCSI*
- Form Factors: Capture data from various form factor devices: 3.5″, 2.5″, ZIF, 1.8″, Micro-SATA, Mini-SATA, PCIE*, Mini PCIE*, M.2(NGFF)*
- Cross Copy from Ports and Interfaces: The user can choose to capture from one type of port, storage protocol and interface, and save the forensic Images into a different port, storage protocol and interface. The cross copy of data can be done between SAS/SATA/IDE/USB/SCSI/1394 interfaces
- GUI: The application is built with large icons and is very simple and easy to navigate. In a few clicks the user can set the operation, and it will be quickly up and running
- Speed: Extremely fast – tested with Hash verification operation with SHA-1 enabled, the recorded top speed was 30GB/min with Solid State Drive, and 10GB/min with 1TB WD Blue SATA-3 Hard Disk Drive
Extreme Speed when performing Forensic capture with E01/Ex01 formats and with full Compression:
The new Linux-based SuperImager Plus application utilizes and optimizes multiple CPU cores to achieve one of the most efficient operations, while performing at incredibly high speeds with E01/Ex01 compression. The application allows users to manually select and adjust the number of threads and the level of compression used during each session.
Forensic data capture with EnCase E01/Ex01 formats with full compression is a widely used operation in the forensic industry, and generally requires a trade-off between speed, space, and time of uncompressing by the EnCase application.
Comparative tests show a 20% increase in speed when using the SuperImager Plus Linux-based application over the SuperImager Windows-based application. Tests were performed with the same hardware, the same hard disk drives (filled with 43% of random data), and the same compression level 1. The Linux-based application was set to use 16 compression threads.
Hash Authentication: Simultaneously calculates on-the-fly up to 3 Hash Authentication values MD5/SHA-1/SHA-2
Encryption: On-the-fly AES256 encryption of the “Suspect” Hard Disk Drive, saving the encrypted data on “Evidence” Hard Disk Drive in 100%, DD, E01/Ex01 formats
Forensic Images can be saved in these formats: 100% Bit by Bit, Linux DD format, EnCase E01/Ex01 formats, including options for optimized compression
Evidence Drive Formats: exFAT/FAT/NTFS/HFS/EXT4
Log Files: Audit trail in PDF or txt format, with the ability to customize the reports and add a company logo
Drive Spanning: Supports spanning the captured data onto many “Evidence” drives, when the Evidence drives are not large enough (Also supports restore from spanned multiple drives)
Main application Features:
- Forensic Imaging Mode
- Forensic Restore of data back to original
- Erase data from drives and Quick Format
- Hash calculation authentication and verification
Main Forensic Imaging Mode Features:
- Forensic Imaging Mode 100%, DD, E01/Ex01 – with optional compression
- Hash while capture: MD5, SHA-1, SHA-2 (all 3 can be selected simultaneously)
- Erase Remainder of the drive