What about WinHex (X-Way?) forensic imaging? I heard it's the fastest but I never had the chance to try it.
Maybe the issue lies within the EWF format itself? Maybe it's because it only allows a slow deflate compression (rather than just skipping empty sectors therefore allowing a full-speed read)?
Also isn't it puzzling that forensic formats don't seem to have a recovery record to allow recovering partially corrupted images? A single cluster gone awry can cause all sorts of havoc.
FTK imager is one of the slower imaging tools around, but that is partly due to the hashing process it uses.
Xways has consistently been the fastest imaging tool that I've seen, but from what you are saying there this tool seems much faster again..might have to look into it.
Hello, I am, what you could class as the "inventor" of our patented technology Ballistic. Many thanks for the forum comments. The tool was designed through frustration of current technologies (software and hardware) being too slow, data becoming too big, training burden and scope for error (removing drives - thing of the past!) and time remaining limited. We (MCMS) solved this complex task. Interesting comments on here.
Challenge of the day - 1 operator 160 gb of data
128gb Laptop
16GB USB 3.0 DRIVE
8GB USB DRIVE
4GB SD CARD
4GB CF CARD
How long to image??
Any q's please drop me a mail.
Maybe I overlooked this kind of information, but I have not understood if this Ballistic thingy is
- software only
- hardware only
- software+hardware
[/listo]
and, if either 1 or 3 if it runs on the booted OS (which), if it runs from bootable media (under which "base" OS) or if it can run on both.
@paul_mcms
Possibly (of course without revealing any trade secret or the like) if you could publish a brief description of the tool and it's features (on your site or posting here) it would be beneficial to everyone, including raising more interest in it.
jaclaz
I can help with those.
I bought it on a 256GB Kingston Hyper X stick, and the license for the software is tied to that device. You also have the option of adding your own hardware, so you can use whatever drive you want. They gave me the option to buy additional hardware with the software.
OS-wise, it runs on a live Windows PC. The boot environment they provide is a WinFE environment, which will boot any Intel machine. Bootable media provided is a USB stick and a CD, and they gave me a copy of the iso so I can make my own boot media. The iso and software updates are all on the website, which you get access to once you buy the tool.
I tested it today using a Zalman caddy running a virtual CD Rom with their iso, and it worked fine on both Windows and Macs.
Hope that helps,
OS-wise, it runs on a live Windows PC. The boot environment they provide is a WinFE environment, which will boot any Intel machine.
Good, thanks.
So, all in all it is something "comparable" to FTK imager, only much faster, right?
Coincidentally, JFYI
http//
jaclaz
Yes, a similar tool. I've just ditched FTK Imager…
Interestingly the company has some other tools, triage and rapid data extraction stuff. My ADF & IEF licenses are up for renewal shortly, and I have decided to drop them in favour of the new tools that MCMS gave me on trial.
The boot environment they provide is a WinFE environment, which will boot any Intel machine. Bootable media provided is a USB stick and a CD, and they gave me a copy of the iso so I can make my own boot media. ,
Did you say they are selling WinFE ISOs? 😯
Any q's please drop me a mail.
I only ask since selling WinFE ISOs without a licensing agreement would be like selling Satya Nadella's desk without his permission… oops
I don't think there was any cost attached the WinFE iso, this was just provided in order to boot machines into a Windows OS to run their tool. I thought I'd give theirs a go.
I have my own WinFE iso's with some additional tools, and Ballistic works fine with this. I built my WinFE with USB3.0 drivers, which was useful as the USB stick I bought is USB3.0.
As their tool is only Windows based at the moment, it makes sense to use WinFE, either provide your own or use theirs.