Forensic Tools for Disk Imaging & Secure Wiping of Data as per DOD 5220-22M.
Part 1Hi Friends,
There are many Hardware Forensics tools available today however the best of all is Road MASSter 2.A Complete, Portable Computer Forensic Lab, the
Road MASSter 2 is the most advanced Computer Forensic Tool in the market today.
It can be used to image hard drives of any kind as well as capturing data from other media and unopened computers, and supports different copy formats and hashing methods.
Features:-.: MD5 and CRC32 and SHA1 Hashing: MD5, CRC32 or SHA1 hashing generation can be performed during data capture, ensuring that the transferred data is an exact replica of the Suspect’s data without modification.
.: Forensic Toolkit Graphical User Interface: The ICS proprietary RoadMASSter II Forensic Toolkit application provides all the tools necessary to perform high speed Forensic data acquisition operations.
.: High Speed Operation: Data transfer rates can exceed 3.3GB/min.
.: Multiple Capture Methods: Seize in a Forensic sector-by-sector format method or using a segmented file format method (Linux-DD). The Linux-DD capture method allows seizing multiple images to one Evidence drive.
.: Built in Write Protection: Suspect’s data is protected with built-in write protection.
.: Built in LinkMASSter FireWire 1394B and USB 2.0 Interface: This specialized built in interface can be used to acquire data from a Suspect’s unopened Notebook or PC.
.: Multiple Media Support: Supports data transfer between P-ATA, S-ATA and SCSI hard disk drives. Interface ports and readers are available to support today’s common media devices such as ATA compatible Flash devices, External FireWire/USB drives, and DVD/CD media. Built-in Standard 2.5" interface supports Notebook drives.
.: Preview and Analyze: The RoadMASSter II provides the capability to preview and analyze Suspect’s write protected data under the Window’s environment or using third party analysis software tools.
.: WipeOut: Sanitize drives and erase data to the DOD specs or perform fast operation at speeds greater than 4GB/min.
.: Audit Trail and Logs: Detail operational event log information can be printed or save.
.: WipeOut DoD Option: This option is designed to erase data on disk drives. WipeOut was designed to meet the U.S. Department of Defense specification DOD 5220-22M regarding the sanitization of hard disk drives.
.: WipeOut Fast Option: The Wipeout Fast option provides a quick non-DoD method of sanitizing a drive of all previously stored data.
.: LinkMASSter Application: The LinkMASSter application, combined with the unit’s built-in FireWire/USB interface, provides a fast and effective solution for capture of drive data from a Suspect’s un-opened PC or Notebook to an Evidence drive connected on the RoadMASSter II unit. The application is run from the supplied LinkMASSter bootable CD which write protects the Suspect’s drive during initialization and during data acquisition. The LinkMASSter application supports on the fly hashing using MD5, CRC32 and SHA1.
.: Linux-DD Capture Mode: The LinuxDD Capture Mode supports seizing the entire contents of the Suspect’s drive by capturing data as individual “LinuxDD” segmented files, which are stored in an individual subdirectory on the Evidence drive. This option also allows any number of seizures to be performed using the same Evidence drive, provided there is adequate space to save the seized data.
.: Single Capture Mode: Suspect drive will be captured sector by sector to the Evidence drive.
.: Intelligent Capture Mode: The Intelligent Capture Mode (IQCopy) provides a fast method of seizing Windows FAT-16, FAT-32 and NTFS files systems. The file system is analyzed and only the allocated drive space is captured.
Nitin KushwahaCHFI.CEH.NSA.SCSCA.CIW-SA.ITIL.MCSE.MCSAhttp://www.icsforensic.com
