Quicker Forensic Im...
 
Notifications
Clear all

Quicker Forensic Imaging?

70 Posts
19 Users
0 Likes
4,953 Views
(@markl1975)
Posts: 63
Trusted Member
Topic starter
 

Hello all,

My work is based around scene-of-crime data collection, and I am often frustrated by the speed of imaging hard drives, particularly if we need to leave the laptop/pc where it is.

Has anyone on here heard of, or used, Ballistic Imager? I've been doing some research and this seems like the fastest solution at the moment, claiming around 5 minutes for 128GB drive, forensically imaged.

I've pinged the company an email so I'll wait to hear from them too. Happy to post any feedback if it's any good, or has anyone already used it?

Cheers,

Mark

 
Posted : 24/04/2014 1:06 am
(@mitch)
Posts: 135
Estimable Member
 

Mark

Using any industrial imager device, has limitations and is dependable upon architecture, of the drive and equipment.

for example try getting that speed with a 200GB IDE drive.

now i have a PCIe SSD @ 1000mb/s and that will superseed that speed if imaged.

Ive had a look at the website and not really alot of valuable info.

I very rarely image now onsite, I request bag and tag. can do it then in the lab.

Mitch

 
Posted : 24/04/2014 1:33 am
(@markl1975)
Posts: 63
Trusted Member
Topic starter
 

Mitch,

Thanks for the reply. I agree, lab-based imaging is quicker, however the jobs I do are usually not bag-and-tag jobs. We often have to image quickly, and leave the target machines where they are.

FTK Imager and EnCase's Imager are OK, but not especially quick, and removing hard drives and imaging on-site with a TD3 or a Talon can be awkward.

I might see if I can get a demo from them to put it through it's paces.

Mark

 
Posted : 24/04/2014 1:53 am
Passmark
(@passmark)
Posts: 376
Reputable Member
 

Imaging speed mostly depends on the speed of the drive.
From a coding point of view there are a few tricks, like doing large sequential reads and giving caching hints to the operating system. Beyond that however there isn't any magic fairy dust that will make the drive exceed it design specifications.

Pretty much any imaging tool will do 128GB drive in 5min, if the drive is fast enough. Most current solid state drives will get this kind of read performance.

 
Posted : 24/04/2014 5:08 am
Adam10541
(@adam10541)
Posts: 550
Honorable Member
 

I'd be interested to see if the 128GB drive they used for testing contained any data, how much data and what type of data….

There are so many variables that can affect the imaging speed that any claim like that is always a 'best case scenario'.

 
Posted : 24/04/2014 5:50 am
(@markl1975)
Posts: 63
Trusted Member
Topic starter
 

Hello,

I'm heading to the company next week for a demo.

They're not giving any demo software out at the moment, however I can go and see it running, and take some of my own hardware to run it against.

We'll see if it's any good.

 
Posted : 25/04/2014 12:28 pm
Chris_Ed
(@chris_ed)
Posts: 314
Reputable Member
 

Assuming they don't get you to sign an NDA or something, it would be interesting to hear your thoughts!

 
Posted : 25/04/2014 1:16 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Surely for being a commercial company they are a bit secretive, I mean having to register just to read (what I presume being 😯 ) vague and generic info on their *whatever*, comeon ) .
http//mcmsolutions.co.uk/our-products/ballistic/

Ballistic Imager – Rapid Forensic Imaging

Text goes here

wink
and
http//mcmsolutions.co.uk/our-products/

Ballistic Imager

UK Patent GB1317136.8

Ballistic Imager will forensically image hard disc drives in minutes, without the need for removing the drive and with minimal training overheads. Ballistic Imager is addressing the issue of performing rapid extractions on higher storage capacity hard drives. In an age where the storage capacity of personal computers is ever-increasing, and time management is critical, Ballistic Imager is the tool of choice. For example, Ballistic Imager can image a 256GB Hard Drive in 12 minutes, and a 1TB drive in 35 minutes. Ballistic Imager can also be used to take an image of RAM from a running machine, imaging 8GB of RAM in just 18 seconds.
For more information on Ballistic Imager, click here.

jaclaz

 
Posted : 25/04/2014 4:26 pm
(@mitch)
Posts: 135
Estimable Member
 

Jaclaz

My thoughts exactly,

last person I spoke to regarding something similar, it turned out to be, they were taking a snapshot of a system not a forensic image…..

Thus they didnt have a clue regarding forensic procedures etc…..

 
Posted : 25/04/2014 5:26 pm
jhup
 jhup
(@jhup)
Posts: 1442
Noble Member
 

Someone promising to deliver data faster than theoretical device limits of not one device but many, from various vendors of various designs?

Why would that be suspicious?

On an other note, I invented this device which will produce 101 energy from sea water using simple cow flatulence. The byproduct will fix global warming, and reduce your body fat to 10%. I just need some seed money for the stickers that go on the device. How does . . . $3mm sound? Now I know this is a big deal of me letting you in, as I have rejected many others, but for you I will let you in since you have been so nice. Again, please do not share this with others as they will bother me to get in. I had to brush off these sheiks last week, and they are very persistent! So, just transfer the funds here . . .

 
Posted : 25/04/2014 5:35 pm
Page 1 / 7
Share: