Toggle menu
+1-888-967-1999
Live chat
  • 0
    • Live chat
  • HDD/SSD Duplicator and Erasing Devices
  • PCIe M2 NVMe SSD Cloning and Erasing Devices
  • Flash Memory Cloning and Erasing Devices
  • Ethernet Based HDD/SSD Drive Cloning Device
  • Media & Entertainment CRU/Cable-Free Drive Cloning
  • Forensic HDD/SSD Drive Imagers
  • HDD/SSD Testers, Sanitizers, Erasers and Wipers
  • Hard Drive and Tape Degaussers
  • HDD, SSD Crushers and Destroyers
  • SSD, HDD, Flash, e-Scrap Shredders/Disintegrators
  • TapeMaster Data Tape Cloning & Migration
  • LTO Tape Analyzer, Cleaner, and Eraser
  • Shop by Brand
  • View all Brands
  • MSI Plus NVMe SATA Rugged Forensic Imaging Unit

    • MSI Plus NVMe SATA Rugged Forensic Imaging Unit

    Capture data from NVMe and SATA drives:
    • Three Gigabit Ethernet ports
    • Run Virtual Drive Emulator on “Suspect” drive
    • Run Multiple Cellphones Data Extraction
    • Run Full Forensic Analysis

    Call for pricing

    Write a Review
    SKU:
    MSI-0045-00A

    MSI Plus NVMe SATA Rugged Forensic Imaging Unit

    The MSI Plus NVMe SATA Rugged Forensic unit is a Portable forensic imager with the ability to serve as a complete Field Computer Forensic Investigative platform, allowing the user to capture data in the field from multiple sources to multiple targets simultaneously and extremely fast. It also enables the user to perform a full Forensic analysis using a third-party application like Encase. Additionally, the unit can also capture data from multiple cellphones and run cellphone analyses. The unit is durably built and easy to carry, comprising of a full-blown Desktop CPU, enabling the unit to have a high performance (this is different from laptops and other mobile solutions). The unit is built with 2 NVMe U.2, 2 SATA, and 4 USB3.1 ports that supports NVMe, SATA, and USB Flash drives. The unit’s fast Thunderbolt 3.0 port (40Gigabit/s) enables the user to capture data directly from Macbooks laptops. With the use of the optional TB3.0 Expansion Box it also enable the user to capture data from other interfaces such SAS/SCSI/FC. The user also can also use the TB port to connect to 10Gigabit/s networks and do a fast upload of the captured images to a network.

    Speed test:
    SATA to SATA Linux-DD copy max speed 32.7GB/min.
    NVMe to NVMe Linux DD copy max speed 98.5GB/min.

    Features

    • Captures data from storages devices with many types of form factors and interfaces(2.5”, 3.5”, mSATA, Micro SATA, M.2 SATA, M.2 NVMe, U.2 NVMe)
    • USB3.1 ports can be converted to SATA ports with the use of USB3.1 to SATA adapters (4 ports USB adapter KIT)
    • Previews data on the “Suspect” drive in secure environment
    • Captures and saves images across many ports and interfaces
    • Forensic image from multiple “Suspect” drives to one large “Evidence” drive
    • Simultaneously calculates HASH values: MD5/SHA1/SHA2
    • Automatic support for DCO/HPA special areas
    • Supports Bad Sector Handling (with 3 types of reporting)
    • Encryption with AES256 on-the-fly and decrypt at remote location
    • Supports save Images (DD, E01) to Network (NFS, CIFS, SAMBA) and capture from a Network via iSCSI storage protocols. Easy upload mode from 8 ports
    • Supports capture modes: % (adjustable) bit by bit copy, Linux-DD files, E01, EX01 with up to 16 compression engines
    • Remote-Capture data from an un-open Laptop/PC Via USB or Ethernet ports
    • Automated process using Scripting
    • Use the Unit as “writes block” to preview, capture from storage devices attached to the unit and upload then to the server via iSCSI protocols

    The MSI’s main application (the unit’s software) supports many imaging operations. Some of the tasks that the unit can be used for includes:

    1. Multiple Parallel Forensic Capture: Mirror (bit by bit), Linux-DD, E01/Ex01 (with full compression) formats, Mixed-Format DD/E01, and Selective Capture (files and folders with the use of file extension filters). Select a single partition to capture.
    2. Erase data from Evidence drive - using DoD (ECE, E), Security Erase, NVMe, and Sanitize erase protocols.
    3. View the data directly on Ubuntu Desktop screen.
    4. Encrypt the data while capturing (AES256).
    5. HASH the data while capturing – run all the three, SHA-1, SHA-2, and MD5 HASH engines, at the same time.
    6. Run a quick Keyword Search on the Suspect drive prior to capture.
    7. Run Multiple Cellphone/Tablets data Extraction and Analysis.
    8. Run Forensic Triage application.
    9. Run a full Forensic Analysis application like Encase/Nuix/FTK.
    10. Run Virtual Drive Emulator.
    11. Run Remote Capture from unopened laptops (Intel Based CPU).

    Additional operations that are available include erase verification on a drive that was previously erased, Full or Quick Format, HASH a drive, drive diagnostics, and scripting. The application supports forensic imaging of multiple drives, in multiple sessions, in simultaneous forensic imaging runs. The Optional TB expansion box enables the user to connect to a 10Gigabit/s network, or to an External HDMI monitor, or to plug additional optional storage controllers (SAS, SCSI, 1394, and FC) to support erase from more storage devices.

    Main Hardware Features:
    Case: Mobile, lightweight, Rugged, and easy to carry
    CPU: i7 Latest generation CPU
    Display: 12”, LED back-light, touchscreen, color LCD display.
    OS: Linux Ubuntu 64 bit and Win 10 Professional 64 Bit in a dual boot.
    Security: Linux OS (Linux is less targeted by malware).
    Application Updates: The application can easily be updated via USB thumb drive and displays a special update application screen.
    Hardware: The unit can be upgraded at the time of purchasing for additional cost to a larger internal SSD
    Hardware Upgrade: The unit can be upgraded at the time of purchasing for additional cost to a larger internal SSD.
    Hardware Specifications:
    RAM: 32GB DDR4 internal memory
    Internal Storage: 1TB SSD SATA
    Storage Controller: NVMe dual port controller
    Hardware Supports:
    Target Ports:One SATA and one NVMe U.2 ports, and 2 USB3.0/USB3.1 ports.
    Source Ports:One SATA port, and one NVME U.2 ports and two USB3.0/USB3.1 ports are set as source ports (the user cannot change the role of these ports).
    Thunderbolt 3.0 port:
    1. connect to Optional Thunderbolt to PCIE Expansion Box.
    2. connect to HDMI external monitor with supplied adapter.
    3. connect to 10Gigabit/s network via the Optional Thunderbolt to PCIE Expansion Box.
    4. connect to un-opened Mac.
    Supports Storage Protocols and Interfaces:NVMe, SATA, e-SATA enclosures, IDE, USB2.0, USB3.0/3.1, MMC, M.2 SATA, SAS*, SCSI*, FC*, 1394*.
    Supports Form Factors:3.5”, 2.5”, ZIF, 1.8”, Micro-SATA, Mini-SATA, Slim SATA, Ultra Slim SATA, M.2 NGFF, and CF-30.
    *With the optional TB 3.0 Expansion Option, Expansion storage controllers, and some KITS.
    Application Settings:
    HPA/DCO Automatic Supports:The application has the ability to automatically open HPA and DCO areas and re-size the drive to its full native capacity in order to erase any “hidden data” (HPA/DCO are special areas on the drive that support this feature).
    Bad Sectors Handling:The user can select to skip bad sectors/blocks or abort the operations. The skipped bad sectors will be reprted in the log file in detailed or in summary.
    48bit LBA Addressing:Supports drives with sizes up to 256TB.
    Application Features:
    GUI: The application is built with large, very simple, and easy-to-navigate icons. In a few clicks, the user can set the operation, and it will quickly start up and run.
    Speed:
    • Extremely fast – one of the fastest Forensic Imaging solutions available on the market today, achieving a speed of above 32GB/min for SATA SSD and 100GB/min for NVMe SSD.
    • Tested with the HASH verification operation with SHA-1, SSD ran a top speed of 30GB/min and 1TB WD Blue SATA-2 HDD ran a top speed of 10GB/min.
    • Tested with the Forensic Imaging operation of 1 to 2 with SHA-1, 3 SSD of Samsung Pro 240GB ran a top speed of 32GB/min.
    • Tested with the Forensic Imaging operation of 1 to 2 with SHA-1, 3 SSD of Samsung NVMe 1 TB ran a top speed of 100GB/min.
    Application Main Operation:
    • Forensic Imaging Mode
    • Complete Forensic Platform
    • Data Eraser and Format
    • HASH Calculation Authentication and Verification
    • Network

    Forensic Imaging Mode:

    • Mirror imaging bit by bit (100% or any % of the drive), DD, E01/Ex01 – with optional compression, Selective Capture (Capture Partitions, Files and Folders, and with the use of file extension filters), Mix-Format of DD/E01/Ex01, selecting one partition capture.
    • Targeted Imaging: Sometimes the forensic investigator does not have the time to do a full data capture of the Suspect drive. Now the user can use the Selective Imaging feature to select only partitions, files, or folders (like the Windows User-Folders or Windows User-Documents and User-Pictures). With the use of preset file extension filters or adding its own filters, the Forensic Investigator can narrow their capture scope and shorten its acquisition time.
    • Forensic Restore: Back up the data that was captured to another drive in the original format.
    • Forensic Images Formats:
      • Mirror Image Formats 100% Bit by Bit Mirror copy.
      • Linux-DD Format.
      • Encase E01/Ex01 Formats (includes options for optimizing the compression by adjusting the compression level and the number of compression parallel engines) and Mix-Format of E01/Ex01/Linux-DD.
      • Mix-Format is where the user can capture from one source drive and save the images onto multiple destination ports; each target port can be selected to be one of the 3 E01/Ex01/Linux-DD.
      • In addition, the user can use a file-based copy to copy files and folders by using selective imaging with file extension filters.
      • Single partition capture.
    • Drive Spanning: Supports spanning the captured data onto many “Evidence” drives when the Evidence drives are not large enough (also supports restore images that are spanned over multiple drives).
    • Encryption: On-the-fly AES256 encryption of the “Suspect” drive, saving the encrypted data on the “Evidence” drive in 100%, DD, E01/Ex01 formats.
    • Decryption: The user can perform decryption on a drive that has been previously encrypted by any of the MSI units. Alternatively, the user can use a standalone Linux decryption utility application to perform decryptions on an encrypted drive using any PC. The supplied standalone decryption utility application can be burned onto a USB flash drive that later can be used to boot the PC to the Linux decryption utility application, where the encrypted drive and a blank destination drive are attached to the PC (the user needs to supply to the utility application the saved encryption key).
    • Forensic Imaging Tool: In one read-pass from the “Suspect” drive, the MSI Plus application can run the following operations simultaneously: Forensic imaging with E01 format and full compression, Encryption with AES256, calculate 3 HASH Verification and Authentication values (MD5, SHA1, SHA2), save the captured Forensic Images to 2 “Evidence” drives to a local network, and external compact USB3.0/e-SATA TB RAID encrypted storage. The basic Forensic Imaging mode can be 1:1, 1:2, 1:3, 1:4, 2:2, 2:3 and up to 3:3 for SATA, 2:4 for USB3.0 storage devices, and 1:1 for NVMe.
    • Extreme Speeds when performing Forensic capture with E01/Ex01 formats and full Compression:
      • The new Linux-based MSI Plus application utilizes and optimizes multiple CPU cores to achieve one of the most efficient operations while also performing at incredibly high speeds with E01/Ex01 formats and full compression. The application allows the user to manually select and adjust the number of hyper-threads and the level of compression used during each session.
      • Forensic data captured with Encase E01/Ex01 formats with full compression is widely used for operations in the forensic industry and generally requires a trade-off between speed, space, and time of decompression by the Encase application.
      • Comparative tests show a 20% increase in speed when using the MSI Plus Linux-based application over the MSI Windows-based application. The tests were performed with the same hardware, the same hard disk drives (filled 43% of the drive with random data), and the same level 1 compression. The Linux-based application was set to use 16 compression threads.
    Data Eraser and Format:
    • Erase the Evidence drive prior to use (with extremely fast speed of up to 28GB/min with the use of SSD and up to 11GB/min with the use of HDD).
    • Erase the remainder of the drive after the copy.
    • Drive Erase Protocols:DoD 5220-22M, Security Erase, Enhanced Security Erase, Sanitize, NVMe Secure Erase, or a User-erase mode where the user can define the final data filling pattern and the number of iterations (Security Erase, Enhanced Security Erase, Sanitize, and DoD erase protocols are all NIST 800-88 compliant).
    • Format: NTFS, FAT, HFS+, EXT4, and exFAT.
    • Erase Logs and Erase Certification: The application generates extensive erase logs and files with an NIST 800-88 erase certification (also runs S.M.A.R.T. tests before and after the erase operation and is saved to XML file format) which can be exported to a USB thumb drive. The application also has a built-in erase database that can easily be exported to XLS.
    • Evidence Drive Formats: exFAT/FAT/NTFS/HFS+/EXT4.
    • Audit trail and operation Log Files: Generated automatically by the application and saves it on the Evidence/Target drive (PDF).
    Parallel Operations:
    • Multiple Session Operation:Improves the efficiency of the evidence data collection process by using multitasking and using a parallel imaging process. The user can take advantage of the MSI unit’s multiple available ports and run multiple, efficient, parallel operations. The user can mix different types of operations, and each operation can be set as a new independent session. An example of an operation: erase data from a drive connected to one port and HASH verify a different drive connected to the second port, all while performing forensic imagining of 1 to 1 on drives connected to the remaining ports.
    • Basic Parallel Forensic Imaging: The supported modes are – Native SAS/SATA (1 to 1, 1 to 2, 1 to 3, 2 to 2, 2 to 3 – the 2 to 3 imaging mode uses the e-SATA port, which needs to be supplied with external power. The 1 to 3 imaging mode needs to be configured at the time of purchasing the main unit) and USB3.01 (1 to 1 and 1 to 2).
    • More Ports for Forensic Imaging: with the use of USB3.0 to SATA fast adapters and in combination with the unit’s e-SATA port, the unit can support up to 2 to 7 and up to 4 to 7 Forensic Imaging of SATA drives.
    • In addition, using the optional Thunderbolt Expansion Box to add more desirable ports, like NVME, More SAS/SATA, and more..
    Parallel Operations - Linux Elaborated
    • Detection Application Screen: All drives and storage devices that are connected to the unit will be “scanned” and displayed in one application screen called “The Detection Screen”. The user can tap on each drive to get its detailed info and run some specific utilities regarding that drive (as long as it is a target drive) – like a quick S.M.A.R.T. test (only using the “Target” port), run a Virtual Emulator (“Source” port), safely preview the contents of the drive (“Source” port), as well as select it for any desired operation they are planning to use.
    • Parallel Forensic Imaging: This depends on the number and kind of ports that each model has. The application is very flexible in running multiple sources to multiple destinations, all in simultaneous operations. The user has the flexibility to change a port’s role from “Evidence” to “Suspect” port. The session control application screen provides the user with comprehensive information and direct control over the running sessions, including all the settings of the session and the ability to abort the session.
    More Features
    • Drive Trim: Allows the user to manipulate the HPA/DCO area on the drive to create an Evidence/Target drive with the same capacity of the Suspect/Source drive.
    • Unit’s User Configuration: This feature allows the administrator of the unit to set specific operations with specific settings, and allows the user to secure it with a lock password (This feature needs to be requested at the time of purchasing the main unit – it is needed for security purposes).
    • Tasks Scripting: The user can create a script to run sequential operations and parallel operations. There are no limitations on the number of scripts and operations one can run. Be aware that if the operation requires the use of an input it will stop and wait for the user to input (like when the user is running a drive scanning and a user’s response is needed).
    • Language Supports: Easy to implement translations for new languages. Now supporting Korean and Chinese languages.
    • Keyword search: Gives the user the ability to perform a quick keyword search on the Suspect drive’s files and folders, with filters on the files extension types and with a few important keywords (this is a quick keyword search to determine if a Suspect drive needs to be captured).
    • Keyword search while imaging: Gives the user the ability to perform a quick keyword search on the Suspect drive’s files and folders, with filters on the files extension types and with a few important keywords included in the search images.
    • Partition imaging: Gives the user the ability to select only one partition (per sessions) to perform forensic imaging and save it into the Evidence drive in DD/E01/Ex01 format.
    • Network Multiple Forensic Image Loader: Besides the ability of the application to upload forensic images (DD, E01) to the network via the 1Gigabit/s network port, there is also a unique feature/solution that can solve the streaming bottleneck issue by using a single port. With this solution the user can upload many Forensic images directly to a local network using 5 equivalent 1Gigabit/s network streams. Alternatively, the user can use the Thunderbolt 3.0 port to connect to a 10Gigabit/s network.
    Expansion Capabilities and Main Hardware Options:
    • Expansion Box Option: Optional Thunderbolt 3.0 expansion box, using the unit’s extremely fast Thunderbolt 3.0 port to capture data from SAS, FC, SCSI. Or connect to a 10Gigabit/s Network in order to save the captured images.
    • SAS 4 ports Option: Include 4 Ports SAS controller plugged inside the TB3.0 Expansion Box, external PS to power 4 SAS hard disk drives and all the cabling. (Since the thunderbolt 3.0 port has a bandwidth of 40Gigabit/s, capturing data from those ports are very fast.)
    • USB3.0 to SATA Adapters and Kits Option: Today USB3.0 technology is extremely fast and can run read data from SSD drives up to 20GB/min. With the use of the USB3.0 to SATA 4 channel Kit, the user can convert 4 USB3.0 ports to 4 SATA ports on any of MediaClone’s units. The optional Kit is supplied with one external PS and includes all the cabling to power and connect the 4 USB3.0 to SATA adapters. The tested performance when running 4 adapters in parallel was measured at a very high speed and with very little speed degradation.
    • SCSI KIT Option: The SCSI Kit includes the low profile PCIE X1 SCSI controller with single port, 2 channel SCSI LVDS cables (68pin connectors), SCSI terminator, VHDCI to SCSI 2 adapter, and supports 2 SCSI Hard Disk Drives.
    • 1394 KIT Option: The 1394 Kit includes the controller with dual 1394B and one 1394 ports and cables. 1394 storage devices can easily be daisy chained.
    • Full NVMe KIT Option: Supplied with NVMe SFF-8639 cable and controller enabling the user to capture data from M.2, SFF-8639 (U.2) or PCIE NVMe SSD.
    • Thunderbolt Option: With the use of the 1394 Option and Thunderbolt to 1394 adapter, the user can connect the unit into a Mac that has a TB port (that is booted in target mode) allowing the user to access the Mac’s internal drive (The kit includes support Thunderbolt 2.0 and Thunderbolt 3.0).
    • Express Card Option: With the use of the Express card reader plugged into the Expansion Box the unit can support PCIE memory cards such as Sony SxS.
    • Built in the US: The units are built and tested in the US.
    • Warranty: One-year free warranty on the main unit (does not include warranty on accessories, adapters, and cables).
    Ports:
    • Native NVMe 2 ports , SATA 2 ports with data and power combo Ports (2 source and 2 target ports).
    • e-SATA: 1 Port (connected directly to the motherboard) for external storage (“hot” plug) for DVD, or as a normal Evidence Port.
    • USB3.0/3.1: 4 Ports (2 source and 2 target ports; all ports can also be used as a host to plug and use a keyboard, mouse, and other peripherals).
    • Thunderbolt 3.0: 1 Port that can be used to:
      • connect to PCIE Expansion Box
        • enabling the user to add other storage controllers to perform capture data from NVMe SSD, FC, and SCSI
        • enabling the user to plug in 10Gigabit/s controllers and use it to save images to a 10Giga network.
      • as an HDMI port.
      • connect to a Mac for captured data from MacBooks (see Thunderbolt KIT).
    • 1Gigabit/s: 1 Port (for network connectivity and remote data acquisition from an unopened PC/Laptop.
    • Additional ports: One 1Gigabit Ethernet port, 2 Audio 3.5mm connectors to support the plug in of speakers, ear-phones, and/or microphones, 2 USB2.0 ports for generic use, like a Codemeter dongle, and an e-SATA 6Gbit/s port.
    Power Characteristics
    • A built-in, universal, auto switching 300W UL/CE/PSE external power supply adapter with a key and lock-in mechanism to avoid accidental disconnection.
    • Input Voltage: 100-240V/50-60Hz.
    • Power Consumption excluding External Drives: 120W
    Operating Environment:
    • Temperature: 5°C - 55°C (40°F-130°F)
    • Relative humidity: 20-60% non-condensing.
    Mechanical Characteristics
    • Unit net weight: 19 lbs
    • Unit dimensions: 15.00” x 12.13" x 6.90"
    • Shipping dimensions: 20" x 20" x 15", 24.00 lbs.
    Included Items:
    • 4 SAS/SATA Extension cables.
    • Thunderbolt 3.0 to HDMI adapter.
    • USB mini Keyboard
    • SE-520 hard case with an internal metal chassis.
    • Accessory bag to store all adapters, cables, and the keyboard.

    Custom Field

    Capture data from NVMe and SATA drives
    • Three Gigabit Ethernet ports
    • Run Virtual Drive Emulator on “Suspect” drive
    • Run Multiple Cellphones Data Extraction
    • Run Full Forensic Analysis

    Product Reviews

    Write a Review