Atola Technology introduces a fully revamped Disk editor module for convenient in-depth evidence analysis in a new software update for Atola Insight Forensic, a fast forensic imaging system with the capacity to run 3 simultaneous imaging sessions and work with damaged media.
Version 5.4 of Insight Forensic also includes more than 35 new features and bugfixes and can now detect two or more ambiguous file systems hidden within a single partition.
“For this software update, we’ve thoroughly overhauled our Disk Editor module to make byte-level analysis much easier,” said Vitaliy Mokosiy, CTO at Atola Technology. “Another nice feature: Insight Forensic now recognizes two or more file systems intentionally squeezed into the same sector range and notifies a user about it during the diagnostics. Not to mention more than two dozen small tweaks and improvements to make the examiner’s work more comfortable.”
The New Disk Editor: Find, Read, or Edit Bytes Quicker and Easier
The Disk editor module included in Insight Forensic for analyzing device data on the byte level received a fresher look and feel. Now it lets forensic examiners navigate through disk sectors faster, search for hex strings more easily, and interpret bytes quickly.
- Insight Forensic now seamlessly reads device space in infinite mode: bytes are loaded automatically as a user scrolls the hex viewer up or down. To quickly jump to a certain position, examiners can press the Go to sector button or use the Ctrl + G keyboard shortcut. And two more convenient shortcuts: Ctrl + Home immediately brings users to the first sector of a drive and Ctrl + End gets them to the last sector.
- To quickly find a certain byte sequence, examiners can go to the Data inspector tab or press Ctrl + F shortcut and enter a string they are searching for. Also, there are Find previous and Find next buttons to see each instance of the found byte sequences.
- The new Data inspector feature saves time when interpreting bytes. It converts hex value to decimal (8-, 16-, 24-, 32-bit integer) or binary format on the fly.
- Insight Forensic detects file system structures automatically. Master Boot Record, GPT sector, FAT/NTFS/ext Boot Sector, HFS headers, NTFS File Record and other structures are automatically recognized and parsed into a human-readable form.
Find Two or More Ambiguous File Systems Hidden Within a Single Partition
What if someone managed to place two or even more fully functional file systems within a single file system partition on the storage device to conceal data?
Researchers Janine Schneider, Maximilian Eichhorn, and Felix Freiling in their paper titled “Ambiguous File System Partitions” showed that it is possible to create ambiguous file system partitions by integrating a guest file system into the structures of a host file system. The authors point out that since typical file systems that occur in forensic analysis are usually unambiguous, ambiguous file system partitions may serve as useful corner cases in forensic tools and processes.
The Atola engineers were so inspired by this paper that they decided to implement ambiguous file system detection in our product.
Insight Forensic 5.4 now detects host and guest file systems placed within the same sector range during the Automatic checkup and notifies the user about it in the Diagnostics report.
Moreover, forensic examiners can image one or both partitions and also correctly access their files in the File recovery module.
A nice-to-have feature for deep-dive analysis.
About Atola Insight Forensic system
Atola Insight Forensic is a fast forensic imager with the capacity to perform 3 simultaneous imaging sessions on a wide range of media. It also offers complex yet highly automated data recovery functions on failing storage devices and provides utilities for accessing hard drives at the lowest level. The system includes DiskSense 2 hardware forensic unit, hardware extension modules, and Insight Forensic software to operate them.
About Atola Technology
Atola Technology is an innovative company based in Vancouver, Canada, specializing in creating forensic imaging hardware tools for the global forensic market.
Atola’s engineers, including its founder and CEO Dmitry Postrigan, have strong expertise in storage media and data recovery, and focus on creating highly efficient and user-friendly forensic imagers.
