The first review of the Logicube Falcon®– NEO was performed in July 2018 and having successfully used the same unit in both an IT and forensic investigative environment since, it is time to update that assessment to include the many changes and enhancements that have been made to it. Therefore, the objective of this review is to share the years of experience, knowledge, and hands on testing both in a controlled and field environment with organizations or individuals considering or using the Logicube Falcon®– NEO.
Some things will never change, and the most important phase of any digital investigation is the initial preservation and verification of potential evidence. If this is not achieved in a safe and reliable manner any future analysis may be jeopardized and considered inadmissible.
This updated review replaces the July 2018 assessment and is designed to assist organizations or individuals to streamline the quality assurance process when considering the use of the Logicube Falcon®– NEO without the influence of the manufacturer or other third-party competitors. The assessment and testing were performed in a controlled laboratory QA process. After proven concepts and the manufacturer claims were validated, an extensive evaluation was then performed in a live environment across real evidence.
Logicube have maintained a good visual appearance of the Falcon®-NEO, which continues to project a “geek” factor and scientific approach to digital forensics when observed by the average person. The Falcon®-NEO is without doubt good value for money when comparing the enhancement of features and the dramatic increases in speeds when processing evidence.
This is particularly evidenced when running multiple processes simultaneously on one unit. The Falcon®-NEO is compact and packaged in a very professional way, which enhances the expert appearance of a forensic examiner to those not familiar with digital investigations or the process.
The enhanced touch-screen interface and variety of options available continues to give the Falcon®-NEO a very professional and feel-good factor, leading the way in digital forensic imaging. Statements by any manufacturer professing speeds in processing are always ambiguous but again in reality, the Falcon®-NEO performed admirably against its main competitors and always exceeded any software acquisition solution tested with today’s technology available.
The speeds in acquisition of between 50GB to 90GB per minute and wiping at 30GB to 70GB per minute as validated is simply phenomenal. The concurrent verification enhances the efficiency of data acquisitions and speed in which they can be performed to ensure the continuity and integrity of data collected.
The speeds achieved both in a laboratory and field environment not only meet the requirements when handling high volume sophisticated business systems, but also the extremely large capacities of standard home computers now being encountered even in small digital investigations.
The Falcon®-NEO encompasses an array of options compared to other products available in the marketplace and although the main unit itself is more than adequate for most cases, there are often occasions when unique scenarios and drive types play an integral part of a digital investigation. Logicube’s foresight and experience in the digital extraction and preservation field have designed a wide range of additional solutions that complement and enhance the functionality of the Falcon®-NEO. If these are not purchased at the time they can always be added as and when required. The optional functionality and equipment to compliment the Falcon®-NEO were also vigorously tested as outlined throughout the various sections of this assessment.
Logicube forensic imaging solutions have been for many years a leading forensic component used around the world by leading government, law enforcement, military, and corporate organizations. The Falcon®-NEO was vigorously tested initially in 2018 and has been used extensively in both a laboratory and field operational environment ever since. With the introduction of innovating new and enhanced features, which include cloud storage acquisition, mobile device capture and thunderbolt, fibre channel, firewire and SCSI hardware accessories, a review and further vigorous testing was performed.
It is globally accepted that the most important phase of any digital investigation is the initial harvesting and preservation of potential evidence, while maintaining the continuity and integrity of it. The average size of data now encountered on even basic digital investigations can be measured in high volume terabytes.
Logicube have once again exceeded all expectations with the enhancements and new optional modules available for the Falcon®-NEO. They have clearly maintained pace with technology, listened to their user’s requirements and always look forward at new initiatives and developments. For the first time investigators have the ability and benefit of high-speed computer media imaging, network traffic and cloud collections together with a mobile forensic capability using the same hardware.
The increased enhancements in functionality and capability of the Falcon®-NEO with a variety of devices supported, encryption, mobile device capture, network traffic and cloud collections, with remote operating, once again demonstrates that Logicube remains a global leader in the field of data imaging and ahead of its competitors with the all-encompassing new features and options available in the Falcon®-NEO.
The ability to automate and selectively harvest information is critical for investigations involving privacy or e-Discovery requirements. The increased capability of date range, file type and keyword filtering further increase the efficiency and quality of data collected. Many of the features of the Falcon®-NEO are considered standard and are expected from such a product but the combination of the macro-task, network, cloud, and mobile device capture functionality allows greater diversity in the use of such a tool and simplifies the process for non-technical first responders.
The Falcon®-NEO should not be considered just as a forensic, criminal, or civil litigation solution. It should also be considered by IT security consultants, system administrators and system auditors when identifying and harvesting information during routine non-criminal investigations. It also has many features that are necessary for generic IT maintenance and management, such as the capturing of network traffic for analysis and the wiping functionality that will remove information beyond recovery when recycling systems within an organization or releasing them for sale to a third party.
As a user of other competitive products that are similar, Logicube have surpassed all expectations with the new enhancements and optional modules now available for the Falcon®-NEO. This is particularly evidenced when considering not just the speed in which it processes, but also the additional advanced features, functionality and support it now provides with mobile device capture, cloud storage acquisition, fibre channel, firewire, SCSI and thunderbolt options.
In comparison to other digital forensic imaging solutions in the marketplace today, from a hands-on comparison and vigorously tested, Logicube has once again produced the most complete state of the art extremely user-friendly solution for digital forensic investigations and IT management with the Falcon®-NEO. The many features and functionality of the Falcon®-NEO continue to exceed those of its competitors and as such the consistent advancements in functionality, processing and reliability is not only superior but critical for today’s highly developing digital investigative and IT management world.
The simple and automated functionality, which includes remote access as required, provides a fail-safe solution for first responders and investigators to ensure that consistency and best practice guidelines are not only adopted, but also adhered to and guaranteed. This is a must have tool in any forensic or IT security/management department, which complies with global standards and guidelines.
The Falcon®-NEO produces evidence files and data that are compatible with all major computer, mobile forensic, IT security and eDiscovery analysis and processing tools. The time saved with this all-in-one solution with its simple but secure data analysis and harvesting is a financial investment and will save many person hours in the long term.
Having conducted an assessment and reassessment of the Falcon®-NEO together with the years of using it in an operational environment, it is without doubt the “Best in Class” solution among the digital forensic imagers in its tier. It is also the “premier” portable forensic imager in the marketplace at the present time and a must-have solution for all digital forensic, cyber security or specialist information technology practitioners.
Editor’s note: An extended, detailed version of this review is available at Logicube’s website.
About The Author
John (Zeke) Thackray, FSS Dip, Churchill Fellow is currently the Vice President and Global Head Training of GetData Forensics USA, based in Los Angeles and responsible for global forensic services and training. Zeke, as he is more commonly known throughout the industry, is a former British Police Detective who specialized in hi-tech crime from the early 1990’s. Zeke has been involved in many hi-tech, high profile investigations around the world and has delivered computer and cell phone forensics training globally for many years.