All,

A few months ago, a post came through asking about forensic duplication devices. I'd like to revisit that issue. My organization has a need to be able to quickly duplicate hard drives for forensic purposes, and we're now exploring these devices as an option. We have a system in our forensics lab which uses Trinux (and soon Biatchux) to duplicate as well, so those paths have already been explored. Analysis of the image is typically done using Encase. Encase can support a raw dd-type image or capture from the original hard drive.

These are my requirements:

1. Support for SCSI and IDE hard drives
2. Fairly fast duplication (approx 1 G/min)
3. Claim of forensic-quality capabilities
4. Methodology does not rely on duplicating to hard drive with identical geometry.
5. Source drive write blocking by default.
6. Nice to have: optional evidence tag printer, hash or checksum generator.
7. Must be very portable.

We've looked at the following products, at their web site:

www.ics-iq.com Solo Product Line
www.logicube.com Forensic SF5000

Does anyone have EXPERIENCE with a device like the above, and is willing to recommend it?

Thanks in advance,
J Jewitt

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jun 18 2002 - 17:54:40 PDT