MSI Plus NVMe SATA Rugged Forensic Imaging Unit
The MSI Plus NVMe SATA Rugged Forensic unit is a Portable forensic imager with the ability to serve as a complete Field Computer Forensic Investigative platform, allowing the user to capture data in the field from multiple sources to multiple targets simultaneously and extremely fast. It also enables the user to perform a full Forensic analysis using a third-party application like Encase. Additionally, the unit can also capture data from multiple cellphones and run cellphone analyses. The unit is durably built and easy to carry, comprising of a full-blown Desktop CPU, enabling the unit to have a high performance (this is different from laptops and other mobile solutions). The unit is built with 2 NVMe U.2, 2 SATA, and 4 USB3.1 ports that supports NVMe, SATA, and USB Flash drives. The unit’s fast Thunderbolt 3.0 port (40Gigabit/s) enables the user to capture data directly from Macbooks laptops. With the use of the optional TB3.0 Expansion Box it also enable the user to capture data from other interfaces such SAS/SCSI/FC. The user also can also use the TB port to connect to 10Gigabit/s networks and do a fast upload of the captured images to a network.
SATA to SATA Linux-DD copy max speed 32.7GB/min.
NVMe to NVMe Linux DD copy max speed 98.5GB/min.
- Captures data from storages devices with many types of form factors and interfaces(2.5”, 3.5”, mSATA, Micro SATA, M.2 SATA, M.2 NVMe, U.2 NVMe)
- USB3.1 ports can be converted to SATA ports with the use of USB3.1 to SATA adapters (4 ports USB adapter KIT)
- Previews data on the “Suspect” drive in secure environment
- Captures and saves images across many ports and interfaces
- Forensic image from multiple “Suspect” drives to one large “Evidence” drive
- Simultaneously calculates HASH values: MD5/SHA1/SHA2
- Automatic support for DCO/HPA special areas
- Supports Bad Sector Handling (with 3 types of reporting)
- Encryption with AES256 on-the-fly and decrypt at remote location
- Supports save Images (DD, E01) to Network (NFS, CIFS, SAMBA) and capture from a Network via iSCSI storage protocols. Easy upload mode from 8 ports
- Supports capture modes: % (adjustable) bit by bit copy, Linux-DD files, E01, EX01 with up to 16 compression engines
- Remote-Capture data from an un-open Laptop/PC Via USB or Ethernet ports
- Automated process using Scripting
- Use the Unit as “writes block” to preview, capture from storage devices attached to the unit and upload then to the server via iSCSI protocols
The MSI’s main application (the unit’s software) supports many imaging operations. Some of the tasks that the unit can be used for includes:
- Multiple Parallel Forensic Capture: Mirror (bit by bit), Linux-DD, E01/Ex01 (with full compression) formats, Mixed-Format DD/E01, and Selective Capture (files and folders with the use of file extension filters). Select a single partition to capture.
- Erase data from Evidence drive - using DoD (ECE, E), Security Erase, NVMe, and Sanitize erase protocols.
- View the data directly on Ubuntu Desktop screen.
- Encrypt the data while capturing (AES256).
- HASH the data while capturing – run all the three, SHA-1, SHA-2, and MD5 HASH engines, at the same time.
- Run a quick Keyword Search on the Suspect drive prior to capture.
- Run Multiple Cellphone/Tablets data Extraction and Analysis.
- Run Forensic Triage application.
- Run a full Forensic Analysis application like Encase/Nuix/FTK.
- Run Virtual Drive Emulator.
- Run Remote Capture from unopened laptops (Intel Based CPU).
Additional operations that are available include erase verification on a drive that was previously erased, Full or Quick Format, HASH a drive, drive diagnostics, and scripting. The application supports forensic imaging of multiple drives, in multiple sessions, in simultaneous forensic imaging runs. The Optional TB expansion box enables the user to connect to a 10Gigabit/s network, or to an External HDMI monitor, or to plug additional optional storage controllers (SAS, SCSI, 1394, and FC) to support erase from more storage devices.
|Main Hardware Features:|
|Case:||Mobile, lightweight, Rugged, and easy to carry|
|CPU:||i7 Latest generation CPU|
|Display:||12”, LED back-light, touchscreen, color LCD display.|
|OS:||Linux Ubuntu 64 bit and Win 10 Professional 64 Bit in a dual boot.|
|Security:||Linux OS (Linux is less targeted by malware).|
|Application Updates:||The application can easily be updated via USB thumb drive and displays a special update application screen.|
|Hardware:||The unit can be upgraded at the time of purchasing for additional cost to a larger internal SSD|
|Hardware Upgrade:||The unit can be upgraded at the time of purchasing for additional cost to a larger internal SSD.|
|RAM:||32GB DDR4 internal memory|
|Internal Storage:||1TB SSD SATA|
|Storage Controller:||NVMe dual port controller|
|Target Ports:||One SATA and one NVMe U.2 ports, and 2 USB3.0/USB3.1 ports.|
|Source Ports:||One SATA port, and one NVME U.2 ports and two USB3.0/USB3.1 ports are set as source ports (the user cannot change the role of these ports).|
|Thunderbolt 3.0 port:||
|Supports Storage Protocols and Interfaces:||NVMe, SATA, e-SATA enclosures, IDE, USB2.0, USB3.0/3.1, MMC, M.2 SATA, SAS*, SCSI*, FC*, 1394*.|
|Supports Form Factors:||3.5”, 2.5”, ZIF, 1.8”, Micro-SATA, Mini-SATA, Slim SATA, Ultra Slim SATA, M.2 NGFF, and CF-30.|
*With the optional TB 3.0 Expansion Option, Expansion storage controllers, and some KITS.
|HPA/DCO Automatic Supports:||The application has the ability to automatically open HPA and DCO areas and re-size the drive to its full native capacity in order to erase any “hidden data” (HPA/DCO are special areas on the drive that support this feature).|
|Bad Sectors Handling:||The user can select to skip bad sectors/blocks or abort the operations. The skipped bad sectors will be reprted in the log file in detailed or in summary.|
|48bit LBA Addressing:||Supports drives with sizes up to 256TB.|
|GUI:||The application is built with large, very simple, and easy-to-navigate icons. In a few clicks, the user can set the operation, and it will quickly start up and run.|
|Application Main Operation:|
Forensic Imaging Mode:
|Parallel Operations - Linux Elaborated||
|Expansion Capabilities and Main Hardware Options:||
- Three Gigabit Ethernet ports
- Run Virtual Drive Emulator on “Suspect” drive
- Run Multiple Cellphones Data Extraction
- Run Full Forensic Analysis