Re: Stand-alone Hard Drive Duplicating Devices

From: Darren Welch (WELCHDat_private)
Date: Wed Jun 19 2002 - 06:03:37 PDT


    I have been using Logicube's Forensic Solitaire. It meets all your requirements. The transfer rate, however, is advertised at about 1 GB/min but is realistically about 700 MB/min. If you opt to prepare your drives before capture (forensic best practice), you can do so before an investigation by selecting "prepare drive", or during it (the device will overwrite first, then capture, all in one operation). I have verified the wipe, and it overwrites the entire drive with zeroes except in one location where it displays "Logicube". I am not certain of the offset off the top of my head, but I can get it for you. The device comes with an air-sealable hard case, all connections, printer, and power cables. When you complete the capture you can print out the report. The device does a CRC and displays this on the report. It is for the most part a great device. It sometimes takes a while for the device to recognize the two drives, especially if they are from different manufacturers, but this is only a matter of getting the jumper settings correct.
    
    
    >>> J Jewitt <jjewitt2001at_private> 06/18/02 12:17PM >>>
    
       All,
      A few months ago, a post came through asking about
    forensic duplication devices. I'd like to revisit that
    issue.
      My organization has a need to be able to quickly
    duplicate hard drives for forensic purposes, and we're
    now exploring these devices as an option.
      We have a system in our forensics lab which uses
    Trinux (and soon Biatchux) to duplicate as well, so
    those paths have already been explored.
      Analysis of the image is typically done using
    Encase. Encase can support a raw dd-type image or
    capture from the original hard drive.
    
      These are my requirements:
      1. Support for SCSI and IDE hard drives
      2. Fairly fast duplication (approx 1 G/min)
      3. Claim of forensic-quality capabilities
      4. Methodology does not rely on duplicating to hard
    drive with identical geometry.
      5. Source drive write blocking by default.
      6. Nice to have: optional evidence tag printer, hash
    or checksum generator.
      7. Must be very portable.
    
    We've looked at the following products, at their web
    site:
    
    www.ics-iq.com          Solo Product Line
    www.logicube.com        Forensic SF5000
    
    Does anyone have EXPERIENCE with a device like the
    above, and is willing to recommend it?
    
         Thanks in advance,
           J Jewitt
    
    
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com 
    
    
    
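
Added example, not part of the original message and not Logicube's tooling: one way to check a wiped target drive (or a dd image of it) for anything other than zeroes and to record the offset of each leftover region, such as the vendor marker described in the reply above. The sample image, its size and the marker offset of 1,000,000 are constructed for the demonstration; the message does not give the real offset.

```python
import os
import tempfile

def find_nonzero_runs(path, chunk_size=1 << 20):
    """Return [(offset, length), ...] for every run of non-zero bytes in path."""
    runs, start, pos = [], None, 0      # start = offset of the run in progress
    with open(path, "rb") as f:
        while chunk := f.read(chunk_size):
            if chunk.count(0) == len(chunk):        # fast path: chunk is all zeroes
                if start is not None:               # a run ended at the chunk boundary
                    runs.append((start, pos - start))
                    start = None
            else:
                for i, b in enumerate(chunk):
                    if b and start is None:
                        start = pos + i
                    elif not b and start is not None:
                        runs.append((start, pos + i - start))
                        start = None
            pos += len(chunk)
    if start is not None:                           # run reaches end of media
        runs.append((start, pos - start))
    return runs

def wipe_report(path):
    """Pair each non-zero run with its first 32 bytes, for the case notes."""
    report = []
    with open(path, "rb") as f:
        for offset, length in find_nonzero_runs(path):
            f.seek(offset)
            report.append((offset, length, f.read(min(length, 32))))
    return report

def build_sample_image(path, size=4 << 20, marker=b"Logicube", marker_offset=1_000_000):
    """Constructed test image: all zeroes plus one marker at an assumed offset."""
    with open(path, "wb") as f:
        f.write(b"\x00" * size)
        f.seek(marker_offset)
        f.write(marker)

def demo():
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        build_sample_image(path)
        return wipe_report(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    for offset, length, data in demo():
        print(f"non-zero run at offset {offset} (0x{offset:x}), {length} bytes: {data!r}")
```

Against real media, pass the raw device node or an image file as the path and open it read-only; an empty result means every byte read back as zero.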
    



    This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 08:16:37 PDT