Forensics tool makes sure investigators don't come up empty
- By Kevin McCaney
- Sep 13, 2013
Law enforcement teams collecting digital evidence can sometimes spend hours copying hard drives and other disks only to return to their lab and find that they’ve come up empty. If the drives were protected with ATA passwords, which prevent anyone from copying data on a disk, all they’ll see is zeros.
Computer forensics company CyanLine can help avoid that wasted time with its new Fast Disk Acquisition System (FDAS), which gives investigators a real-time preview of what’s on a drive, including whether it has password protection.
“I’ve witnessed countless investigators go on location, take four to six hours to make a forensic image, arrive back at the office and only then realize they hadn’t made a valid copy because the original disk was either password-protected or the wrong disk,” Steven Branigan, CyanLine CEO and the creator of FDAS, said in announcing the device. If forensic investigators know at the scene that a drive is protected, they can spend their time cracking the password rather than fruitlessly copying a disk that will read back as empty.
FDAS, priced at $4,000, is portable, at 6 inches by 8 inches by 4 inches, and capacious, with 1.5T of built-in storage. It’s also fast, transferring data at 12 gigabytes/sec, the company said. The device copies the entire contents of a drive, including hidden sectors, host protected areas and device configuration overlays, without erasing or altering any data on the drive being copied. Once copied, FDAS blocks write access to its stored data to prevent tampering.
The device also can travel, with a smart power supply built to handle the different voltages overseas.
Kevin McCaney is a former editor of Defense Systems and GCN.