ForensicSoft has announced the release of its newest computer forensic tool, SAFE. SAFE, which stands for System Acquisition Forensics Environment, is a new Windows-based computer forensic platform specifically designed to support the expanding needs of computer forensic, computer security, and litigation support professionals to confidently acquire, preview and analyze digital evidence to be presented in a court of law…Unlike conventional forensic boot disks that use superficial protection techniques, such as mounting drives as read-only, ForensicSoft’s SAFE platform employs the company’s proprietary SAFE Block software technology to block all disks at the physical level to ensure a forensically sound preview, exploration and capture of the digital evidence. Investigators can be confident that all digital evidence is unaltered during the SAFE exploration and acquisition, and therefore is reliable and defensible when presented during litigation. SAFE Block technology is the only software write-blocker to successfully pass all of the U.S. National Institute of Standards (NIST) test criteria – visit the company’s website to review these results.
SAFE uses Microsoft Windows PE, a fully licensed copy of which is included with the product. SAFE is capable of running your favorite Windows-based forensic tools such as FTK, EnCase, X-Ways, etc. With the familiar Windows user experience, SAFE requires minimal training for investigators to become proficient with its use. And, since SAFE is a Windows-based computer forensic platform, investigators have access to the widest array of drivers for existing computer hardware, and immediate availability of new Windows drivers for new computer hardware. Drivers can be added at any time during a SAFE session, requiring no special skills or the need to recompile a new boot disk.
SAFE v1.0, delivered as a CD-ROM, ISO download file, or USB bootable drive image, boots any X86-based computer from CD or USB drive. Upon boot-up, SAFE securely locks-down the target computer with SAFE Block to ensure no erroneous write operations corrupt the target disk, then Windows PE is launched in a RAM disk on the target machine. Using the familiar Windows interface, disks and ports (USB, Firewire …) of the target machine can be easily unblocked or blocked throughout your investigation, with all events being logged and time-stamped. All of this is managed by the SAFE platform without removing or modifying the target machine’s hardware.
Specific benefits include:
* Familiar Windows interface requiring minimal training
* Write-blocking of all disk interfaces including SAS, RAID, Fibre Channel, and more
* Allows for non-invasive, forensically sound data capture of any target media
* Data capture and imaging at speeds of up to 4GB/min
* Natively supports NTFS and NTFS Compressed file systems, allowing examiners to write images faster and without file size limitations that exist with FAT