Quicker Forensic Im...
 
Notifications
Clear all

Quicker Forensic Imaging?

70 Posts
19 Users
0 Reactions
5,185 Views
(@thepm)
Posts: 253
Reputable Member
 

LOL

 
Posted : 25/04/2014 6:57 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Just to clear the extents of my previous post, I have no reason to doubt that this Ballistic Imager (as well IXimager, to name one BTW) is among the first few best things in the world (anyway after ice cream, beer and sliced bread wink ), what I am saying is simply that their web site and marketing/communicating strategy seemingly suck, and suck big.

Also, being so secretive, I find it queer how they declare how they do training courses
http//mcmsolutions.co.uk/training/
for covert operations stating where they take place

We also offer specialised training courses for covert operations, based at our Horsham Offices.

roll
The whole stuff seems however more aimed to defense/intelligence than "forensics".

@jhup
Did you manage to fix your optical undulators?

jaclaz

 
Posted : 25/04/2014 8:23 pm
Chris_Ed
(@chris_ed)
Posts: 314
Reputable Member
 

I suppose the notable words here are that the software "can" image up to xxxx speeds.

Looking at their example, they say they can image a 256GB HDD in 12 mins. Conservatively that works out at approx 356MB/sec ((256000/12)/60). So if you are imaging a PC where the motherboard not only supports SATA 3 for the source disk but also has a spare eSATA/USB 3 port - well maybe then you might see those sort of speeds.

Interestingly, the other bit of detail they give on the performance (1TB in 35 mins) would require writing data at 476MB/sec ((1000000/35)/60) - a 33% increase. You could image a 256GB HDD in 8 mins at that speed.

 
Posted : 25/04/2014 8:30 pm
(@athulin)
Posts: 1158
Noble Member
 

Someone promising to deliver data faster than theoretical device limits of not one device but many, from various vendors of various designs?

If I remember, some late modems did that, claiming transfer rates that were impossible. Of course, they didn't measure *actual* transfer rate (on the wire), but *perceived* transfer rate, involving compression before the actual transfer was performed, and usually assuming that a compression rate of 70% or so was feasible.

I'm not claiming that this is a similar case – only that one needs to be careful about interpreting sales talk.

 
Posted : 26/04/2014 2:58 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I'm not claiming that this is a similar case – only that one needs to be careful about interpreting sales talk.

In this specific case we need however to interpret sales non-talk . 😯

jaclaz

 
Posted : 26/04/2014 4:17 pm
(@krishna)
Posts: 45
Eminent Member
 

hi all

i wanted to image a hard disk which is protected with password. the imager forensic dossier says the disk is password protected, unlock to continue. i tried with talon but it is not recognised. i also tried to clone thru CAINE, but i could not complete. my pc is able to see the hard disk, but it is not being mounted. encase shows unallocated disk area. is it there any method to image the hard disk while maintaiing the integrity of the data.

cheers,

 
Posted : 27/04/2014 12:32 am
(@markl1975)
Posts: 63
Trusted Member
Topic starter
 

Hello,

I'm looking at this product from a military perspective, however I've been in forensics for a long time so should hopefully be able to see it from a 'standard forensics' point-of-view also.

I'm seeing them on Wednesday.

 
Posted : 27/04/2014 2:18 am
(@athulin)
Posts: 1158
Noble Member
 

hi all

i wanted to image a hard disk which is protected with password.

Please … don't hijack already running threads. Start a new thread instead – you're much more likely to get responses that way.

Later OK, I see that you already have.

 
Posted : 27/04/2014 12:39 pm
jhup
 jhup
(@jhup)
Posts: 1442
Noble Member
 

If I remember, some late modems did that, claiming transfer rates that were impossible. Of course, they didn't measure *actual* transfer rate (on the wire), but *perceived* transfer rate, involving compression before the actual transfer was performed, and usually assuming that a compression rate of 70% or so was feasible.

They were the 2400 baud, MNP 5 modems. The idea was that the on-the-fly compression was done in the modem instead in the computer. It was the harbinger of switching from baud to bps.

Maybe I am just getting jaded, so let me soften my stance.

It is possible that the vendor implemented methodologies and resources to reduce most of the overhead and get the maximum possible from the system.

 
Posted : 28/04/2014 9:04 pm
(@markl1975)
Posts: 63
Trusted Member
Topic starter
 

Hello all,

I saw the company yesterday for a live demo. I took my laptop in, with a 256GB drive, and it was imaged (dd binary image) in just over 12 minutes. It works on a live system and will take a RAM image as well. They also provide a secure boot environment (CD or USB), which will boot any Intel machine (Windows, OSX & Linux) to image the internal physical drive.

I've bought a single license to run some tests on. I took an old laptop with me as well, and it imaged it faster than FTK Imager could manage. FTK ran at about 8MB/sec when imaging the drive over USB, their Ballistic tool ran at 38MB/sec.

Clever stuff, good to see a company doing something different for a change.

 
Posted : 02/05/2014 1:44 am
Page 2 / 7
Share: