Wednesday, October 19, 2011

Logicube Forensic Dossier Review

What is Logicube Forensic Dossier?
The Forensic Dossier captures and authenticates data at speeds of up to 6.0GB/min. It can capture data from one or two suspect drives to one or two evidence drives simultaneously. It has built-in support for capture from SATA/IDE hard drives, flash media and RAID pairs, and authenticates captured data with MD5 and SHA-256.
Manufacturer: Logicube
Price:
Logicube Forensic Dossier        € 2750
Logicube Forensic Dossier KIT    € 3950
The kit includes a power supply, two each of 5″, 9″ and 18″ data and power cables (both UDMA and SATA), SATA, FireWire and mini USB cables, eSATA and microSATA cables, the E01 file format software option, a compact flash card, a CloneCard PRO PCMCIA adapter, 2.5″, 1.8″ and ZIF adapters, a screwdriver, a flashlight, a CD-ROM with the Dossier software and a user's manual.
What kind of problems is the Forensic Dossier able to solve?
* It can create clones, DD images or E01 images
* HPA and DCO data capture
* It can create two images from one evidence drive simultaneously. Alternatively, it can image or clone two hard drives simultaneously.
* Built-in support for RAID drive pairs
* Audit trail reporting: reports are generated and written to compact flash for review and printing
* It can image directly from a computer (laptop or Mac) by booting the machine with the software provided. This is slower than the 6 GB/min throughput rate, which is based on imaging SATA to SATA.
* Advanced keyword search
Advantages:
* On-the-fly MD5 authentication and advanced keyword search
* Supports a wide range of hard drive interfaces
Disadvantages:
* Has limitations with large-capacity hard drives
* The data transfer speed is far below the advertised speed.
Upgrades and technical support: paid upgrades and limited technical support
 DataTools Review Ideas and Tips: 
“A few months ago my agency purchased the LogiCube Forensic Dossier for faster hard drive imaging. I was going to buy the Talon, but the Dossier promised much faster speeds and the ability to image drives in the .E01 evidence file format. Here are some of my findings so far:
1. The Dossier rarely images faster than 3GB/min, making it about the same speed as the Talon (another LogiCube imaging device). LogiCube boasts speeds greater than 7GB/min for the Dossier, but I have yet to see it image faster than 3.5GB/min, and that’s using 7200rpm SATA source and destination drives. However, it does CONSISTENTLY image between 2-3GB/min, which is still much faster than USB.
2. The Dossier boasts that it can image in .E01 format, but there should be some disclaimers to that. The .E01 format used by the Dossier is only compatible with EnCase, and you will not get a matching hash value in FTK. Also, if you pull your .E01 image into FTK, most likely you will never be able to pull it into EnCase, it somehow corrupts it (the two tools use different .E01 formats). I recommend imaging the drive in DD format using the Dossier, then re-acquire the DD (raw) image as an .E01 inside EnCase (raw images have a tendency to become corrupt inside EnCase).
There is no .E01 compression with the Dossier. In other words, if you image a 250GB drive that only has 5GB of data on it using the Dossier, your image will still be 250GB. EnCase and FTK both compress .E01s like this, the Dossier will not (although a future firmware update that addresses this has been promised).
3. The Dossier can reconstruct a simple standard RAID drive pair into one image (0, 1, JBOD). This is pretty nifty. It must be a standard RAID, not a proprietary solution.
I have yet to get the Dossier to wipe a drive successfully. My Dossier keeps jacking that up somehow. That could just be mine, I need to call LogiCube about this.
4. LogiCube tech support is actually pretty good. They are very friendly and pleasant to deal with on the phone. They are very up front about what their product can and can’t do, albeit slightly too optimistic about their capture speeds and .E01 format in my opinion (which is to be expected).
Another good use is the ability to clone a drive. This comes in handy for PlayStation 3 (PS3) forensics, where you cannot use a write-blocker to boot the PS3 HDD natively, and you cannot analyze the encrypted image or use the drive in any other PS3. With the Dossier, it is simple to clone the drive then boot the suspect’s PS3 using the copied drive, thus never altering your original evidence.”
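The review above recommends capturing in DD (raw) format, and the Dossier authenticates captures with MD5 and SHA-256. The Python sketch below is an added example, not part of the original review and not Logicube code: it re-verifies a raw image on the analysis workstation against the values recorded at capture time. The `recorded` dictionary layout, the function names and the 512-byte sector size are assumptions, and the sample image is constructed.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large images never load into memory

def hash_image(path):
    """Return (size_bytes, md5_hex, sha256_hex) computed in a single read pass."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            md5.update(block)
            sha256.update(block)
            size += len(block)
    return size, md5.hexdigest(), sha256.hexdigest()

def verify_image(path, recorded, sector_size=512):
    """Compare an image with recorded values; return a list of problems (empty = verified)."""
    size, md5_hex, sha256_hex = hash_image(path)
    problems = []
    # A raw image is uncompressed, so its size must equal the captured sector count.
    if size != recorded["sectors"] * sector_size:
        problems.append("size")
    for name, actual in (("md5", md5_hex), ("sha256", sha256_hex)):
        if not hmac.compare_digest(actual, recorded[name].strip().lower()):
            problems.append(name)
    return problems

def make_sample_image(sectors=64):
    """Build a small constructed 'image' file so the example runs offline."""
    fd, path = tempfile.mkstemp(suffix=".dd")
    with os.fdopen(fd, "wb") as fh:
        for i in range(sectors):
            fh.write(bytes([i % 256]) * 512)
    return path

if __name__ == "__main__":
    image = make_sample_image()
    size, md5_hex, sha256_hex = hash_image(image)
    # Assumed record format: values copied by hand from the capture report.
    recorded = {"sectors": size // 512, "md5": md5_hex.upper(), "sha256": sha256_hex}
    print("intact image:", verify_image(image, recorded) or "verified")
    with open(image, "r+b") as fh:  # flip one byte to simulate corruption in transit
        fh.seek(1000)
        fh.write(b"\xff")
    print("altered image:", verify_image(image, recorded))
    os.remove(image)
```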
