Logicube Announces Support for E01 Evidence File Format on Dossier

Logicube® Inc. has announced that the company’s premier data capture solution, the Forensic Dossier®, will provide support for the EnCase® evidence file format, E01. The Dossier is the first hardware-based data capture solution to provide support for this widely-used forensic file format. This new software option is scheduled to be available in mid-summer 2009… The E01 option will allow users to capture hard disk drives directly into the E01 format. The evidence or destination drive can then be easily uploaded to the analysis software in a ready-to-analyze state. This eliminates the time-consuming conversion step that users typically must perform today. The Dossier uses CRC and MD5 authentication when capturing to the E01 format and there is no performance degradation in native capture mode.

“Customer feedback is an integral part of product development at Logicube,” commented Farid Emrani, Executive Vice President and COO of Logicube. “Support for the E01 file format has been consistently at the top of the wish list for our customers. Our engineering team has responded to our customers with the addition of this important enhancement to the Forensic Dossier.”

“As the world leader in the eForensics field, our customers expect us to be at the forefront of new technological advances and the E01 option demonstrates Logicube’s commitment to providing innovative and forward-thinking solutions to our customers,” continued Emrani.

The Dossier is the fastest and most feature-rich digital forensic data capture device on the market today, allowing investigators to capture and authenticate at speeds approaching 6GB/min. The Dossier supports SATA and IDE drive formats and will also support SCSI and SAS drives with an optional adapter. Users can capture data from one or two suspect drives to one or two evidence drives. The Dossier supports capture in both native (mirror) and DD image file formats along with the new E01 support.

Over the next few months, Logicube plans on announcing multiple ground-breaking feature enhancements and complementary products all built on the Dossier platform. “The Dossier was designed to be an extremely versatile and scalable forensic tool. We expect that our upcoming additions to the product line will meet and exceed customer expectations and set the standard for their ideal forensic data capture solution,” commented Mr. Emrani.

The Dossier will be featured in the Logicube booth (#509) at the 2009 Techno Security show held in Myrtle Beach, SC, May 31st through June 3rd.

About Logicube
Logicube is the world’s leader in hard drive duplication and eForensics solutions. The company offers a complete line of products from one-to-one and production grade duplicators to sophisticated cell phone and PDA data capturing systems. Founded in 1993, with headquarters in Chatsworth, California, Logicube is dedicated to delivering reliable, innovative, state-of-the-art solutions for users worldwide. The company’s products are sold direct to users, through international distributors and authorized dealers world-wide. For more information visit their website at http://www.logicube.com or http://www.logicubeforensics.com.

Logicube and Dossier are registered trademarks of Logicube, Inc. EnCase® is a registered trademark of Guidance Software, Inc.
