ABC-US Inc

home | company| newsletter | policies | contact us | site map
Subscribe to our newsletter | Catalog


 

Image MASSter Solo3

 

Image MASSter Solo 3 Forensics
Item ID: 
Item Model: 
Shipping weight: 
 		FG-7400-000C
2 to 5 lbs., depending on options

The Fastest Most Inclusive Forensic Hand-Held Data Seizure Tool Available!

Transfers at 3GB/min with MD5 Hashing, Write-Protection,
FireWire/USB Data Acquisition, and Keyword Search!


Designed exclusively for Forensic applications, the IMSolo-3 Forensic unit is a more advanced version of ICS's original IMSolo-2 Forensic unit which has been used as a standard international data acquisition tool. The IMSolo 3 design is based on years of experience using the IMSolo 1 and IMSolo 2, first and second generation hand held data acquisition devices, and from valuable feedback from the Law Enforcement community.

ICS designed the IMSolo-3 Forensic unit to address current Law Enforcement requirements. The IMSolo 3 Forensic unit provides a secure, reliable, easy to use, versatile, fast and efficient tool for acquiring data in a forensic environment.

Secure Copy

By integrating the ICS Drive Lock write-protection device, the IMSolo-3 Forensic unit will protect the Suspect's hard drive from being inadvertently overwritten with data. The Drive Lock function will block all write commands that may be sent to the drive accidentally.

The Biometric Finger Print security option ensures that only qualified and authorized users are allowed to operate the unit.

Integrity of the Copy

The unit can generate an MD5 or CRC32 signature, on-the-fly, guaranteeing the integrity of the data captured without speed degradation. Data integrity is also guaranteed using 100% Data Verification during the copy operation.

Versatility

The unit's versatility enables the investigator to copy data from various media sources without the need of additional tools. The IMSolo-3 Forensic unit has multiple ports that allow seizure from multiple sources.

  • Seize from an unopened computer (laptop or PC) through FireWire 1394B or USB 2.0 ports using ICS integrated LinkMASSter technology. This technology enables the investigator to capture data at speeds exceeding 3GB/min from a computer that is booted from ICS' proprietary software.
  • Direct copy of the suspect hard drive removed from a computer.
  • Supports seizure of various media device types including Serial-ATA, Compact Flash, etc.

Efficiency

The IMSolo-3 Forensic unit enables the investigator to capture data in various common industry standard formats without the need to reacquire the image using third party products, thus saving valuable time. The IMSolo-3 Forensic unit supports the following image formats which can be analyzed by any software analysis tool.

  • Forensic sector-by-sector mirror image format.
  • Linux-DD File image Format
  • Encase and SafeBack file formats can be created using the 1394B/USB 2.0 port capabilities of the unit.
  • The IMSolo-3 Forensic unit can seize data to two hard drives simultaneously at UDMA mode speeds.
  • Multiple images can be on stored one evidence drive. Images can be backed up to DVD media for archiving purposes.
  • An audit trail can be printed or saved to document the seizure process. Provides on site preview of suspect's hard disk drive.

Ease of Use

The IMSolo-3 Forensic unit has a large touch-screen display for ease of use. The touch-screen display avoids the need for an additional keyboard and provides for a convenient method of previewing data and viewing event log information.

High Speed Copy

The IMSolo-3 Forensic unit copies data directly from the Suspect's hard disk drive or through the computer's FireWire 1394B/USB 2.0 ports at transfer rates that can exceed 3GB/Min.

Image MASSter Solo-3 Forensic Main Features

Multiple media types supported

Supports seizing of data from multiple media types. Media types supported include the following:

  • Desktop IDE Parallel ATA hard disk drives:
  • Desktop Serial ATA hard disk drives.
  • 2.5" Notebook drives.
  • Type I, Type II, Type III ATA Flash PC Card including PCMCIA Hard Drive Card
  • Compact Flash (CF) Card
  • SSFDC Smart Media (SM) card
  • Micro drive
  • Memory Stick
  • Multi Media Card (MMC)
  • Secure Digital (SD) card
  • SCSI hard drives

1. Phase 1 will allow transferring of data from a SCSI hard drive to an IDE hard drive via the optional PCMCIA-SCSI kit. Because of the PCMCIA interface used, the transfer rate will not exceed 60MB/min.

2. Phase 2 will provide for fast data transfers from SCSI hard drive to SCSI hard drive through optional SCSI expansion board (Transfer rate can exceed 2.5GB/min).

Two Target Drive Copy capability

The unit can seize the suspect's data to two target (evidence) hard drives simultaneity in UDMA mode. This feature can provide the investigator with the ability to create two images of the Suspect's drive all in one operation.

Copy Modes

The Image MASSter Solo-3 Forensic unit includes Single and Multi-Capture modes: The Single Capture mode copies an exact image from the suspect's hard drive to the drive attached to the IMSolo-3 Forensic unit. The Multi-Capture mode allows the user to seize multiple hard drive images to a single evidence drive.

Host Protected Area (HPA)

HPA is defined as a reserved area for data storage outside the normal operating file system. This area is hidden from the operating system and files system, and is normally used for specialized applications. Systems may wish to store configuration data or save memory to the hard disk in a location that the operating systems cannot change. If an HPA area exists on a suspect's drive, the Image MASSter Solo-3 Forensic unit will detect this area and copy all the contents of the suspect's hard drive sectors, including all the HPA hidden sectors, to the evidence drive.

Device Configuration Overlay (DCO)

DCO allows systems to modify the apparent features provided by a hard disk drive. It provides a set of commands that allow a utility program to modify some of the commands, modes, and feature sets reported as supported by the hard drive. It can be used to hide a portion of the hard disk drive's capacity from being viewed by the operating system and the file system. If DCO is detected on a suspect's drive, the Image MASSter Solo-3 seizure operation will copy all the contents of the suspect's hard disk drive sectors including all the DCO hidden sectors to the evidence drive.

Linux-DD Format

In this mode the image of the suspect drive will be written as 640MB files into a FAT32 partition on the evidence drive. If the FAT32 partition does not exist it will be created and scaled for the whole drive. By selecting the LINUX-DD Seize method using the 'Single Capture' copy mode it is also possible to store multiple LINUX-DD captured images on a single evidence drive. Each image will be stored in a separate Subdirectory on the evidence drive referenced by case name. In addition, a text file will be created in each individual subdirectory containing information about the operation performed.

CRC32 Signature Generator

The Image MASSter Solo-3 Forensic unit provides the capability of generating a CRC32-CCITT Standard signature value during the Single Capture operation. The CRC (Cyclic Redundancy Check) 32 bit Generator is a data verification tool that aids corporate and government specialists with computer crime investigation during evidence seizure. The CRC32 Generator helps ensure reliable data transfer and provides a method of verifying and comparing seized data. The CRC32 generates a 32-bit value and is displayed as an 8-digit, 4-byte Hexadecimal value. When duplicating and storing data captured from a suspect's computer, the authenticity of the original data must be retained (for example, as evidence in court), and a proven method must be used to ensure that the copied data is identical to the original. CRC32 mathematically creates a "signature" value for the seized data.

MD5 Signature Generator

The MD5 Signature Generator is used to help verify data integrity by generating a 128-bit signature "finger print" of the seized data. MD5 was developed by RSA and is used as a standard hashing algorithm in the Computer Forensic Field. The MD5 value of the Suspect drive is generated during capture operation. The MD5 value of the data captured on the Evidence drive can also be generated to compare with the Suspect's MD5 value.

Bad Sectors

Improved bad sector handling by providing operator with the option to skip entire block of sectors if a bad sector exists, within the block of sectors read. Enabling this feature reduces the copy time required to copy a drive containing many bad sectors in comparison to the default operation in which individual bad sectors within the block of sectors are skipped. The option to skip the entire block is enabling by selecting 'Skip block' from the 'Bad Sector' menu item.

48-Bit Support

Provides 48-bit drive support to handle drives larger than 137GB.

Drive Lock Detection

Provides Drive Lock detection support. The audit trail and event log records the presence of the Drive Lock device and records the Drive Lock's firmware version.

Speed Menu

A 'Speed' selection feature has been added to the SET menu to address issues in which the unit may duplicate at lower than expected transfer rates or if the operation fails during the benchmark or copy process.

PCMCIA port

Seize data from suspect SCSI devices to an IDE drive.

Provides method of saving event log information, and loading new application software, with a Compact Flash card.

Provides a method of saving the audit trail to a Compact Flash card.

Seize data from other media types that uses the PCMCIA interfaces such as Compact Flash.

WipeOut

A feature that sanitizes the evidence drive before capturing the seized image. Written to Department of Defense specification 5220-22M, this feature completely erases the evidence hard drive to ensure no traces of previous data.

Audit Trail

Using the optional serial thermal printer, the unit can print an Audit Trail that captures event log information such as date, time, image size, drive information and information of all partitions that were successfully copied. The audit trail also records the presence of the Drive Lock device and records detailed unit settings. The Audit Trail is printed on very high quality durable thermal paper and provides irrefutable evidence of the capture event. The Audit trail can also be saved to Compact Flash card.

Bad Sector Prompt

This feature allows the user to stop and prompt when bad sectors are encountered on the suspect drive; bad sectors may be "padded" with zeros to allow the capture process to continue.

Hardware binary keywords search

Search for hundreds of words while capturing at full speed. Store multiple groups of pre-defined key words on Compact Flash. The search results are retrieved directly to Windows. Search text can be executed on foreign characters, and based on case sensitive or case insensitive (for instance search for suspects' names, phone numbers, and any other incriminating information). New parameters can be added while in the field, using the built-in keypad.

Touch screen interface

Built-in keyboard on the touch screen interface provides an easy method of inputting data.

PS-2 Keyboard port

To use with external keyboard and bypass the touch screen keyboard.

Seize from Unopened computer using one of two 1394B ports or one USB 2.0 port

The unit can connect to the suspect's computer FireWire or USB interface to seize data at high transfer rates (3GB/min). This feature uses a Bootable CD that is inserted in the suspect's PC or notebook and allows the operator to use the suspect's monitor and keyboard to perform the copy as well as previewing the suspect's hard drive and partition information.

Analysis tools:

Using the 1394B or the USB 2.0 port to connect the IMSolo-3 Forensic unit (with the suspect's hard drive attached to it) to the examiner's notebook or PC, the operator can use analysis software tools (Encase, Access Data-FTK, Safe back, ILook, etc.) to preview the suspect's drive.

Print screen shots

Help investigator to get a search warrant

ADDITIONAL OPTIONS/ACCESSORIES

DVD Writer

The kit includes a DVD Recorder for archiving and restoring suspect's captured images.

Solo Forensics Thermal Serial Printer

The Serial Thermal printer provides a hard copy of the Audit Trail. The audit trail is printed on very high quality durable thermal paper and provides evidence of the capture event.

Biometric identification sensor

Used to restrict the usage of the unit to authorized operators only.

SCSI kit

Adaptec 1460D PCMCIA SCSI card with ICS software allowing data seizure from SCSI drives.

Fast SCSI expansion kit

This option will be release in phase 2, and will provide the IMSolo-3 Forensic unit the capability to seize data from SCSI drive to SCSI/IDE at high speeds.

PCMCIA-IDE kit

Allows seizing data from various PCMCIA type cards and media.



Copyright © 2006, ABC-US, Inc.
All rights reserved.