Description

The SuperImager® Plus 8” NVMe + SATA Forensic Field Unit – Linux Forensic Imager with NVME and Thunderbolt 3.0, Dual Boot is a mobile, compact, easy to carry, versatile, and extremely fast Forensic Imaging unit that can serve as a complete Field Computer Forensic Investigation platform. The unit is running under Linux Ubuntu OS with a dual boot to Windows 8.1. The unit has a built-in 2 extremely fast NVMe ports, 2 SATA ports with power, one e-SATA ports, one Thunderbolt 3.0 port (40Gigabit/s), 8 USB3.0 ports and it supplied with 2 NVMe U.2 to M.2 adapters, and 2.5″ NVMe cables. The unit is supplied TB3.0 to PCIE Expansion Box with 4 e-SATA ports, Remote capture KIT and Virtual Emulators option is enabled.

Key Features: The unit hardware: i7 – 7th generation CPU, 32GB Memory, 250GB SSD internal storage, with 2 NVMe SFF-8639 ports, 2 SATA ports and 10 USB3.1 (10Gigabit/s) ports, Ubuntu 18.04LTS OS with a dual boot of Linux and Win10 Prof. The unit supplied with 2 SFF-8639 to M.2 NVMe cables and adapters and with secure brackets. The read speed from an NVMe SSD is 97GB/min. The unit also supplied with Thunderbolt 3.0 to PCIE (40 gigabit/s) Expansion Box with additional 4 e-SATA ports.
Main Usage: A portable unit that supports imaging from a mix of NVMe, SATA Suspect drives.
The application is using Ubuntu open OS: Multi-tasks, truly simultaneous multiple forensic imaging from one or many source ports to one or many target ports with different interfaces and options. Like imaging 1:7, 4:4, 8 to a network of NVMe SSD or SATA drives or any mix of interfaces using a mirror image, DD, E01 compressed, mix mode and more. Also, the user can select to run in one imaging session 3 HASH engines (SHA1, SHA2, MD5), AES256 encryption and a quick keyword search on the fly at amazing speeds.
Usage: Under the Linux OS: Full Forensic imaging, HASH, Erase and Format, Drive Diagnostics, Virtual Emulator, Remote Capture, Encrypt, Decrypt, Keyword Search before or while the imaging, Scripting.
Under Windows 8.1 Pro: Load and use any third-party applications to perform: Full Forensic analysis (EnCase, Nuix, Magnet), Multiple Cellphone data extractions (Cellebrite, MSAB, Paraben) using the unit’ fast USB ports.
The unit can be used to perform:
1) Multiple parallel simultaneous Forensic Capture using bit by bit, DD, E01/Ex01(with full compression), Mix E01/DD formats, copy the whole drive or only one partition. Copy to 1:6/2:4/3:3 for SATA drives, 1:1 NVMe drives or any mix between the 2 NVMe ports to 7 SATA ports or 8 USB3.0 ports.
2) Run a Selective Imaging (Targeted Imaging) of files, folders, partitions with file extension filters.
3) Select to capture only partition instead of the whole drive.
4) Erase data from Evidence drive using DoD (ECE, E), or Security Erase, or Enhanced Security Erase protocols.
5) View the CAPTURED data directly on Ubuntu Desktop Screen or Windows.
6) Encrypt the data while capturing (AES256).
7) HASH the data while capturing (run all the 3 HASH engines at the same session SHA-1, SHA-2, MD5).
8) Run Cellphone/Tablets data Extraction and Analysis.
9) Prepare Forensic Triage keys and view the captured targeted data.
10) Run a quick Keyword Search on the Suspect drive, prior to capture, or run a full keyword search while capturing
11) Run a full Forensic Analysis application like Encase/Nuix/FTK.
12) Run a Virtual Drive Emulator (This option is enabled on this unit).
13) Use the Remote Capture application to capture data from un-opened Laptops with Intel based CPU, Tablets and PC (Supplied with this unit).
14) Use the Thunderbolt 3.0 port to capture data from USB3.1 storage devices, Mac via Thunderbolt 2/3 port or 1394 port.

Case Study: Some example of the unit’s performances:
1) Complete HASH verification operation with SHA-1 enabled on SSD @ 31GB/min, on WD 1TB Blue @10GB/min.
2) Complete Forensic Imaging 1:2 with SHA-1 enabled on 3 SanDisk Extreme II 120GB SSD @ 29GB/Min.
3) NVMe Forensic Imaging: 1:1 using Samsung MZVPV512HDGL NVMe SSD as Evidence drive, speed reach 93.7GB/min
4) Complete Forensic E01 Imaging from 2TB WD2003FZEX with compression level 9, SHA-1 and MD5 are enabled, HASH the Evidence and compare is enabled @ 11GB/min

The unit built-in: 8” Touchscreen color LCD display, 2 SATA ports data and power, 2 NVMe ports (2.5″), 8 native USB3.0 ports, one e-SATA ports, 1Gigabit/s Ethernet ports, Display port, Thunderbolt 3.0 port and audio ports.The unit is supplied with 2 U.2 to M.2 NVMe external adapters and Thunderbolt 3.0 to PCIE Expansion Box with 4 port e-SATA controller (4 lanes)
The SuperImager Plus 8” NVME + SATA Forensic Field Unit as Forensic Imaging Tool: In one read pass from the “Suspect” Drive, the SuperImager Plus application can run the following operations simultaneously: Forensic Imaging with E01 format and with full compression, Encryption with AES256, simultaneously calculate 3 HASH Verification and Authentication values (MD5, SHA1, SHA2), and saving the captured Forensic Images to 2 “Evidence” drives, to a local network, and to external compact USB3.0/e-SATA TB RAID encrypted storage. The basic Forensic Imaging mode can be 1:1, 1:2, 1:3, 1:4, 2:2 2:3 up to 3:3 for SATA, and 2:4 for USB3.0 storage devices, or 1:1 NVMe.

The Unit as Complete Forensic Platform:
In addition, the unit can serve as a platform for a Forensic investigator to run a complete investigation and to perform:
1) Cellphones and Tablets Data Extraction and Analysis
2) Forensic Triage Data Collection
3) A complete Computer Forensic investigation Analysis with applications such as Nuix, FTK, EnCase
4) Virtual Drive Emulator: Mount a Suspect drive or it’s DD/E01 images, simulate in its native Windows Environment, and extract importan

The Unit as Data Eraser:
Supports erase protocols that are NIST 800-880 compliance:
1) DoD 5220-22M (ECE, E),
2) Security Erase, and Enhanced Security
3) Erase User Mode

Dual Boot: The unit is running Ubuntu OS for forensic imaging and virtual drive emulator purpose. The unit is supplied with dual boot to Windows 8.1 when user intend to install and use third-party applications to perform data analysis, cellphone data extraction and more.

Network Multiple Forensic Images Loader – Besides the ability of the application to upload forensic images (DD, E01) to the network via the 1Gigabit/s network port, there is also a unique feature/solution that can solve the streaming bottleneck by using a single port. With this solution, the user can upload many Forensic images directly to a local network using 7 equivalent 1Gigabit/s network streams.

Expansion Box an important:Since the unit has a fast Thunderbolt 3.0 port (up to 40Gigabit/s), an important option is the Thunderbolt to PCIE 3.0 Expansion box. That enable the user to add different storage controllers and capture data from other storage protocols, such as SAS, SCSI, FC. In addition the user can add 10Gigabit/s Ethernet for faster network connection.