You might not know what the client wants down the road, and with document production for sure on the rise, .e01 is a nice extension to have around.
Well with the image you get from the HCII - you can always make an E01 later if needed.
IMHO that's ok to be able to convert an image later on, if you have no cases in the office and time to do that.
Measure 2x cut 1x
Using multiple Helix CDs for a large job looks interesting.
Years ago, I did a similar process but with Encase boot floppies. Much slower in DOS but if you have 30 machines to do, it's worth considering.
However, I do like the assurance that a writeblocker gives. Has anyone tried using Helix combined with an IDE/USB writeblocker? Not sure if Helix will pick up the drive to be imaged via the USB port. Only asking as I have lots of writeblockers that output through USB and only one IDE/IDE
Has anyone tried using Helix combined with an IDE/USB writeblocker? Not sure if Helix will pick up the drive to be imaged via the USB port. Only asking as I have lots of writeblockers that output through USB and only one IDE/IDE
Tableau have a 3rd party plugin for Linux -
Drop in a 1394b (Firewire 800) PCI card, boot the system using FBCD (or _any_ validated Linux boot CD you're comfy with), and blow the image out via super fast firewire.
Or if eSATA is your thing, same thing, but eSATA pci card.
regards,
farmerdude
I had a good experience with Image Master Solo Imager III
w w
Write blocked. It writes two copies at a time; up to 3GB/min - limited by the slowest hard drive; usually around 1,5GB/min. ATA/SATA interfaces onboard. Comes with a boot disk; can capture data through USB/FWire. Logs operations onto a memory card for later retrieval. It supports DD only though…
I regularly use multiple Helix boot CDs / dd for multi-machine imaging and USB drives as targets when a more invasive imaging process isn't appropriate. You can count on 80-100GB per hour for planning purposes, assuming the machines aren't ancient (that is, that have USB 2.0 interfaces). It's not as fast as hooking up raw drives, but a lot easier when you have to tackle a bunch of machines at once.
eSATA targets are much faster if you have fast(er) source drives in the machines you're imaging.
Best,
–Golden
Greetings,
I've been successful in using Helix for bulk imaging as well, but I've run into situations where Helix crashes or refuses to recognize hardware on too many occasions to be truly comfortable with it.
I'd love to see a very simple Live CD aimed at *just* imaging with someone keeping it very, very current. Helix is great in general, but it's "do everything" approach combined with long release times means that many tools get out of date.
-David
I'm just wondering what speeds the community achieve and if there are any recommendations as to how to speed this up? I'm specifically looking for options that would speed up the process both onsite or in the office. Any hardware that you can recommend etc.
We currently have EnCase 4, 5 and 6 available to us and we use USB/Firewire 400/800 at present.
With our current PC's (dual-core 2.6GHz, 2GB RAM), we average 2.4GB/min using Firewire-400. That drops to about 1.6GB/min using USB. Doesn't matter if its EnCase, Prodiscover or straight DD. FWIW the destination drives are run of the mill Barracuda 7200RPM 16MB cache.
I find if you defrag the evidence drive first it helps speed things up. 😯
I'm kidding about the defrag, but our numbers stand.