Description

The SuperImager® Plus 12” Forensicunit is a Portable forensic imager with the ability to serve as a complete Field Computer Forensic Investigative platform, allowing the user to capture data in the field from multiple sources to multiple targets simultaneously and extremely fast. It also enables the user to perform a full Forensic analysis using a third-party application like Encase. Additionally, the unit can also capture data from multiple cellphones and run cellphone analyses. The unit is durably built and easy to carry, comprising of a full-blown Desktop CPU, enabling the unit to have a high performance (this is different from laptops and other mobile solutions). The unit is built with 4 SAS/SATA and 4 USB3.0 ports that supports SAS/SATA hard disk drives, SSD, and USB Flash drives. The unit’s fast Thunderbolt 3.0 port (40gigabit/s) enables the user to capture data from additional interfaces, especially NVMe and SSD. The user can also use the port to connect to 10Gigabit/s networks, enabling the user to store the captured data. The SuperImager’s main application (the unit’s software) supports many imaging operations. Some of the tasks that the unit can be used for includes:

1) Multiple Parallel Forensic Capture: Mirror (bit by bit), Linux-DD, E01/Ex01 (with full compression) formats, Mixed-Format DD/E01, and Selective Capture (files and folders with the use of file extension filters). Select a single partition to capture.
2) Erase data from Evidence drive – using DoD (ECE, E), Security Erase, NVMe, and Sanitize erase protocols.
3) View the data directly on Ubuntu Desktop screen.
4) Encrypt the data while capturing (AES256).
5) HASH the data while capturing – run all the three, SHA-1, SHA-2, and MD5 HASH engines, at the same time.
6) Run a quick Keyword Search on the Suspect drive prior to capture.
7) Run Multiple Cellphone/Tablets data Extraction and Analysis.
8) Run Forensic Triage application.
9) Run a full Forensic Analysis application like Encase/Nuix/FTK.
10) Run Virtual Drive Emulator.
11) Run Remote Capture from unopened laptops (Intel Based CPU).

Additional operations that are available include erase verification on a drive that was previously erased, Full or Quick Format, HASH a drive, drive diagnostics, and scripting.

The application supports forensic imaging of multiple drives, in multiple sessions, in simultaneous forensic imaging runs.

The Optional TB expansion box enables the user to connect to a 10Gigabit/s network, an External HDMI monitor, or plug additional optional storage controllers (NVMe, SAS, SCSI, 1394, and FC) to support erase from more storage devices.

Main Hardware Features:

• Case: Mobile, lightweight, Rugged, and easy to carry.
• CPU: i7 latest generation CPU
• Display: 12”, LED back-light, touchscreen, color LCD display.
• Hardware: Very high-quality, high performing components; some with military specifications.
• OS: Linux Ubuntu 64 bit and Win 10 Professional 64 Bit in a dual boot.
• Security: Linux OS (Linux is less targeted by malware).
• Hardware Upgrade: The unit can be upgraded at the time of purchasing for additional cost to a larger internal SSD, or the memory can be upgraded to 32GB.
• Application Updates: The application can easily be updated via a USB thumb drive and displays a special update application screen.

Hardware Specifications:

• RAM: 16GB DDR4 internal memory.
• Internal storage: 250GB SSD SATA.
• Storage controller: PCI Express 3.0 SAS/SATA controller supporting 6 Gigabit/s SAS/SATA interface speeds with a maximum data rate of 37GB/min.

Hardware Support:

• Source Ports: Two SAS/SATA ports and two USB3.0/USB3.1 ports are set as source ports (the user cannot change the role of these ports).
• Target Ports: Two SAS/SATA ports and 2 USB3.0/USB3.1 ports.
• Thunderbolt 3.0 port: connect to Optional Thunderbolt to PCIE Expansion Box, connect to HDMI external monitor with supplied adapter, connect to 10Gigabit/s network via the Optional Thunderbolt to PCIE Expansion Box, and connect to unopen Mac.
• Supports Storage Protocols and Interfaces: SAS, SATA, e-SATA enclosures, IDE, USB2.0, USB3.0/3.1, MMC, M.2 SATA, SCSI*, FC*, 1394*, and NVMe*.
• Supports Form Factors: 3.5”, 2.5”, ZIF, 1.8”, Micro-SATA, Mini-SATA, Slim SATA, Ultra Slim SATA, M.2 SATA, PCIE-Memory Card*, Mini PCIE*, SFF-8639 U.2 NVMe*, M.2 NVMe*, and CF-30.

Application Settings:

• HPA/DCO Automatic Supports: The application has the ability to automatically open HPA and DCO areas and resize the “Suspect” hard drive to its full native capacity in order to capture any “hidden data: (HPA/DCO are special areas on the drive that support this feature).
• Bad Sectors Handling: The user can select to skip bad sectors, skip bad blocks, or abort the operations. The skipped, bad sectors will be reported in the log file in detailed or in summary.
• 48bit LBA Addressing: Supports drives with sizes up to 256TB.
• Forensic Images – Destination: The user can save Forensic Images to any storage device attached to the SuperImager unit, or to any connected network, using the unit’s 1Gigabit/s port, the 10Gigabit Option, any external USB3.0 RAID (encryption is optional), or an external NAS storage at a very good speed.
• Cross Copy from any Ports and any Interfaces: The user can choose to capture from one port, with one type of storage protocol and interface, and save the forensic image onto a different storage protocol and interface using destination ports. The cross copy of data can be done between any of these interfaces – SAS/SATA/IDE/USB/SCSI/1394/NVMe.

Main application Features:

• GUI: The application is built with large and very simple and easy to navigate icons. In a few clicks the user can set an operation and it will quickly be up and running.
• Speed: Extremely fast – one of the fastest Forensic Imaging solutions available on the market today, achieving a speed of above 32GB/min for SATA SSD and 100GB/min for NVMe SSD.
• Tested with the HASH verification operation with SHA-1, SSD ran a top speed of 30GB/min and 1TB WD Blue SATA-2 HDD ran a top speed of 10GB/min.
• Tested with the Forensic Imaging operation of 1 to 2 with SHA-1, 3 SSD of Samsung Pro 240GB ran a top speed of 32GB/min.
• Tested with the Forensic Imaging operation of 1 to 2 with SHA-1, 3 SSD of Samsung NVMe 1 TB ran a top speed of 100GB/min.

Main application Operations:

• Forensic Imaging Mode
• Complete Forensic Platform
• Data Eraser and Format
• HASH Calculation Authentication and Verification
• Network

Forensic Imaging Mode Features:

• Mirror imaging bit by bit (100% or any % of the drive), DD, E01/Ex01 – with optional compression, Selective Capture (Capture Partitions, Files and Folders, and with the use of file extension filters), Mix-Format of DD/E01/Ex01, selecting one partition capture.
• Targeted Imaging: Sometimes the forensic investigator does not have the time to do a full data capture of the Suspect drive. Now the user can use the Selective Imaging feature to select only partitions, files, or folders (like the Windows User-Folders or Windows User-Documents and User-Pictures). With the use of preset file extension filters or adding its own filters, the Forensic Investigator can narrow their capture scope and shorten its acquisition time.
• Forensic Restore: Back up the data that was captured to another drive in the original format.
• Forensic Images Formats: Multiple Image Formats 100% Bit by Bit Mirror copy, Linux-DD Format, Encase E01/Ex01 Formats (includes options for optimizing the compression by adjusting the compression level and the number of compression parallel engines) and Mix-Format of E01/Ex01/Linux-DD, Mix-Format is where the user can capture from one source drive and save the images onto multiple destination ports; each target port can be selected to be one of the 3 E01/Ex01/Linux-DD, In addition, the user can use a file-based copy to copy files and folders by using selective imaging with file extension filters, and Single partition capture.

Included Items:

• 4 SAS/SATA Extension cables.
• Thunderbolt 3.0 to HDMI adapter.
• USB mini Keyboard
• SE-520 hard case with an internal metal chassis.
• Accessory bag to store all adapters, cables, and the keyboard.