Home > Digital / Computer Forensic Imaging >

SuperImager Plus 7" Mini Field Forensic Imaging, Cellphone data Extraction (Optional Dual Boot)

SuperImager Plus 7" Mini Forensic Field Unit with 7" Touchscreen Color LCD display and SATA/USB3.0 Ports
SuperImage Plus 7" Mini Forensic Field unit - Handy and fast Forensic Field imaging tool


 
Alternative Views:


SuperImager Plus 7" Mini Field Forensic unit - with 3 SATA ports and 4 USB3.0 ports. The perfect tool to run Triage data collection application, Fast Forensic Imaging, virtual drive emulator, and Cellphone data extraction & analysis application. The unit can be powered with external Li-Polymer battery.

Product Code: SIM-0002-00A
Please call for pricing

Description Technical Specs Extended Information
 
    SuperImager® Plus Forensic 7" Mini - Field Forensic Imaging and Platform. The unit can be used as a Field Forensic Imaging device, Cellphone data extractions and analysis, and Triage data collections.
  • The unit as Forensic Imaging device:
  • The SuperImager Plus 7" Mini Forensic field unit is very compact, lightweight, and easy to carry, and it is the perfect tool to perform Forensic Imaging out in the field. It built with 7" Touchscreen color high-resolution LCD display, 3 SATA ports (with secure and keyed SATA power connector), 4 USB3.0 ports, 1 Gigabit/s Ethernet port, and a VGA port. It is affordable and capable of performing extremely fast Forensic Imaging (Run a 100% bit by bit imaging at 21GB/min on SSD) and fast Hash Authentication (Run SHA-1 at 26GB/min on SSD and 8GB/min on 1TB WD Blue Drive).
    The SuperImager Plus application has the capabilities to perform in one read pass from the "Suspect" hard disk drive:
    1) Forensic Imaging with E01/Ex01 format and full compression
    2) Encryption with AES256
    3) Parallel hash authentication (MD5, SHA1, SHA2),
    It is also capable of saving Forensic Images to three destinations in the same time:
    1) 2 external SATA Evidence Hard Disk Drives
    2) External compact USB3.0/eSATA RAID encrypted storage device
    3) Network.
    Also, with the use of 4 USB3.0 to SATA optional KIT, the user can convert the unit's 4 USB3.0 ports to 4 SATA ports, and have a total of 7 SATA ports available to be used. Thus using 6 of the 7 available SATA ports, the user can perform Forensic Imaging from 3 "Suspect" drives to 3 "Evidence" drives in 3 separate sessions
  • The Unit as a field Erase unit:
    The user can erase drives and USB3.0 storage devices, by using the unit’s 2 SATA ports and 3 USB3.0 ports. The application supports DoD erase (Full), Security Erase, Enhanced Security Erase protocols which are NIST 800-88 compliant. The application supports user erase mode with verification pass, and erase verification mode for drives that were previously erased by a third-party applications or tools.
  • The Application generates easy-to-extract log files and NIST certificates.
  • The unit as a field Forensic platform:
    The Forensic investigator can load and run third-party applications such as Cellebrite, Oxygen, DART, Paraben, BlackBag. The user can also run third-party Triage applications under Windows on the attached Suspect or Evidence drives. The MediaClone Windows Drive Power Utility application allows the user to mount safely drives as read-only or read-write (depends on the unit’s port) in a secured way. The application also allows the user to dismount and remove drives in a safe way. Suspect’s port is automatically assigned to be read only
  • The unit as a field Virtual Drive Emulator (Optional S/W)
    The user can use the Drive Emulator Built-in module in the SuperImager Plus Linux application to simulate, on the spot, the Suspect PC environment, browse the Suspect drive under Windows, transfer and copy important files from the Suspect drive to any destination drive. The Drive Emulator works only on Windows-based Suspect drives. The application can mount Suspect raw drives or an image of the Suspect drives (DD/E01)
  • Optional External Battery:
  • An External Compact Battery Option is available: the user can complete Forensic Imaging 100% bit-by-bit from one WD 1TB hard disk drive to 2 WD 1TB drives for about 2 hours, or perform a continuous cellphone extraction and analysis for about 5 hours
  • Crucial data upload with External Wi-Fi and Cellphone HotSpot features:
  • With the use of USB3.0 to Wi-Fi adapter and with the user Cellphone HotSpot feature, The SuperImager Plus 7” Mini unit can connect to the internet, satellite or any other network to upload crucial data.
  • Dual Boot Option:
  • The user can purchase the unit with only Linux OS for Forensic Imaging purpose. Dual Boot to Windows is optional for additional cost
    • For Data Capture Under Linux: Perform Forensic Imaging under Linux for a faster, more efficient and a more secure operation
    • To Analyze the Captured Data Under Windows: Reboot the unit to Windows, and use third-party applications to perform data analysis and other tasks
  • Multiple Forensic Images Network Loader:
    A unique feature solves the 1 Gigabit/s Ethernet port bottleneck. The user can upload many forensic images directly to a local network using 5 equivalent 1 Gigabit/s Ethernet network streams
Features
    • Main Hardware Features
    • Case: Mobile, very compact
    • CPU: i5 Mobile
    • Display: 7" (1280X800) LED backlight Touchscreen color LCD display
    • Hardware: Very high-quality high performing components, some with military specifications.
    • OS: Linux Ubuntu 64 Bit
    • Writes-Block: Using “device driver” blocking mechanism based on Maxim Suhanov Mechanism (https://github.com/msuhanov/Linux-write-blocker)
    • Application Updates: Application can be easily updated via USB flash drive and special update screen
    • Application Settings:
    • HPA/DCO Automatic Supports: The application has the ability to automatically open HPA and DCO areas, and resize the "Suspect" hard drive to its full native capacity, in order to capture any “hidden data” (HPA/DCO are special areas on the hard disk drive that support this feature)
    • Bad Sectors Handling: User can select to skip bad sectors/blocks, or abort the operation when it encounters bad sectors/block of sectors on the "Suspect" hard disk drive
    • Ports:
    • Forensic Images Destination: User can save Forensic Images to a local network shared folder for easy access and analysis, or save images to external USB3.0 RAID (encryption is optional) storage in a very good speed
    • Captured Storage Protocols and Interfaces: SATA, e-SATA enclosures, IDE, USB2.0, USB3.0, M.2 NGFF (SATA or PCIE base), MMC
    • Form Factors: Capture data from various form factor devices: 3.5", 2.5", ZIF, 1.8", Micro-SATA, Mini-SATA, M.2 NGFF
    • Cross Copy from Ports and Interfaces: The user can choose to capture from one type of port, storage protocol, and interface, and save the forensic Images into a different port, storage protocol, and interface. The cross copy of data can be performed between SATA/IDE/USB interfaces
    • Application Features:
    • GUI: The application is built with large icons and is very simple and easy-to-navigate. In a few clicks, user can set the operation, and it will be quickly up and running
    • Speed: Extremely fast
    • • Tested with Hash verification operation with SHA-1 enabled the recorded top speed was 29GB/min with Solid State Drive and 10GB/min with 1TB WD Blue SATA-3 Hard Disk Drive
    • •Tested with Forensic Imaging operation of 1 to 2 with SHA-1 enabled the recorded sustained top speed was 29GB/min with 3 SSD of SanDisk 120GB Extreme II
    • Hash Authentication: Simultaneously calculates on-the-fly up to 3 Hash Authentication values MD5/SHA-1/SHA-2
    • Encryption: On-the-fly AES256 encryption of the "Suspect" Hard Disk Drive, saving the encrypted data on "Evidence" Hard Disk Drive in 100%, DD, E01/Ex01 formats
    • Decryption: The user can perform decryption on a drive, previously encrypted by any of the SuperImager units. Alternatively user can use a standalone MediaClone Linux decryption utility application to perform decryption on that drive using any PC. The supplied standalone decryption utility application can be burned onto a USB flash drive that later can be used to boot the PC to the Linux utility, where the encrypted drive and a blank destination drive were attached to the PC. (The user needs to supply to the utility application the saved encryption key)
    • Forensic Images can be saved in those Formats: Mirror Imaging (100% or any % of the drive in Bit by Bit copy), Linux DD Format, Encase E01/Ex01 formats include options for optimized compression
    • Evidence Drive Formats: FAT, NTFS, exFAT, HFS+, EXT4
    • Log Files: Audit trail in PDF formats, or txt formats with ability to customize the reports and adding company Logo
    • Drive Spanning: Supports spanning the captured data onto many “Evidence” drives , when the Evidence drives are not large enough (Also supports restore from spanned multiple drives)
    • Main application Features:
    • • Forensic Imaging Mode
    • • Forensic Restore back data to original
    • • Erase data from drives and Quick Format
    • • Hash calculation authentication and verification
    • Main Forensic Imaging Mode Features:
    • • Forensic Imaging Mode 100%, DD, E01/Ex01 – with optional compression
    • • Hash while capture: MD5, SHA-1, SHA-2 (all 3 can be selected simultaneously)
    • • Erase Reminder of the drive
    • • Encryption/Decryption
    • Parallel operations:
    • Parallel Forensic Imaging - Multiple Session Operations: User can run a multiple efficient parallel operations, since many ports are available. User can mix different type of operations, and each operation is set as a new independent session. Example of operations: erase data from a hard disk drive on one port, hash verify on second port, while forensic imaging 1 to 1 on the remaining ports
    • Basic Parallel Forensic Imaging: The supported modes are:
    • Native SATA: 1 to 1, 1 to 2
    • USB3.0: 1 to 1, 1 to 2, 2 to 2
    • More Ports for Forensic Imaging:
    • With the use of USB3.0 to SATA fast adapters, the unit can support up to 2 to 5 of SATA Hard Disk Drives
      Parallel operation – Linux Elaborated:
    • Hard Drive Detection Application Screen: All hard disk drives and storage devices that are connected to the units will be scanned and displayed in one application screen called “the detection screen”. User can tap on each drive to get its detailed info, as well as selecting it for the desired operation they are planning to use
    • Parallel Forensic Imaging: It depends on the number and the kind of ports that each model has. The application is very flexible in running multiple sources to multiple destinations, all in simultaneous operations. The user has the flexibility to change a role of a port from Evidence port to Suspect port, and is not limited by the pre-assigned "Suspect" ports. The session control application screen provides the user with a very comprehensive information and control over the running sessions, including all the setting of the session, and ability to abort the session
    • Parallel Forensic Imaging - Multiple Session Operations: User can run multiple efficient parallel operations and can mix different type of operations; for example erase hard disk drive on one port, hash verification on another port, while performing forensic imaging on other ports (each operation can function as a new independent session). The number of sessions also depends on the CPU: i5 -4 sessions, i7- 8 sessions
    • Network:
    • Network Capture: Data from network folder can be captured and saved into “Evidence” drives via iSCSI storage protocols. (SMB, NFS, CIFS)
    • Saves Forensic Images to Network: Upload multiple Forensic images to a local network (DD, E01), simultaneously by using up to 5 parallel 1Gigabit/s network streams
    • Remote Capture - Capture Data from the Internal Hard Disk Drives of a Computer: Using USB or 1 Gigabit/s Ethernet ports of the laptop/computer, enables capture without the needs to remove the hard drive from the laptop/computer (Speed is restricted to performance of the Laptop/PC CPU and the 1 Gigabit/s connection)
    • Erase and Quick Format Operation:
    • Hard Disk Drive Erase Protocols: DoD 5220-22M(ECE, E), Security Erase, Enhanced Security Erase, or user can define the final data filling pattern and the number of iterations (DoD and Security Erase protocols are NIST 800-88 compliance)
    • Quick Format: NTFS, FAT, HFS+, EXT4, and exFAT
    • Logs and Erase Certification: The application generates extensive erase log files and erase certification (option to save to NIST 800-88 format) that are easy to export to USB flash drive
    • Unit as a Platform:
    • File Preview: Browse and preview captured data on the Internal Display
    • High Performances: As a platform, a forensic investigator can, in addition to imaging and capturing data, load and run third-party applications to analyze the captured data:
    • • Cellphone/Tablet data extraction and analysis: Cellebrite, Oxygen, BlackBag, MPE+, Paraben applications
    • • Triage data collection: Nuix/Encase portable applications
    • Expansion capabilities and the main hardware options:
    • USB3.0 to SATA adapters and Kits Option: Today USB3.0 technology is extremely fast and can run read data from SSD drives up to 20GB/min with the use of USB3.0 to SATA 4 channel Kit, the user can convert 4 USB3.0 ports to 4 SATA ports on any of MediaClone units. The optional Kit is supplied with one external PS, and it includes all the cabling to power and connected the 4 USB3.0 to SATA adapters.The tested performance when running 4 adapters in parallel was measured at a very high speed, with a very little speed degradation
    • USB3.0 to M.2 (NGFF) adapters Option: Currently, most laptops and tablets use M.2 (NGFF) Storage devices. This adapter supports connectivity to some of the newest SSD M.2 storage (Storage that is supported by SATA Protocols). There is a class of SSD drives with NGFF connectors, which are not supported by SATA protocols, and cannot be used with those adapters. Also the M.2 (NGFF) connectors use to comes in a variety of connectors and it was not standardized until 2014
    • USB3.0 to M.2 (NGFF) PCIE(not NVMe) base adapters Option: Few adapters are available that supports PCIE base SSD that are been used in MackBook Air 2012+, MacBook Pro Retina 2012+, MacBook 2013-14 with special interface (12+16), and adapter with M.2 generic B+M connectors
    • External Battery Option: Support the use of an external Lithium-Polymer battery that enables the user to run a full data capture in the field on hard disk drives, operated on battery for a long time. (Able to complete forensic imaging of WD 1TB hard disk drives with imaging mode of 1 to 2 for 2 hours, or Cellphone data extraction and analysis for 5 hours, all performed with the use of the external battery)
    • Built in the US: The units are built and tested in the US
    • Warranty: One year warranty for the main unit. (It does not include cables and accessories)

Accessories
Mini SATA(mSATA) to SATA Adapter ErgoTouch USB TouchPad USB3.0 MMC Card reader IDE to SATA Adapters
Mini SATA(mSATA) to SATA Adapter ErgoTouch USB TouchPad USB3.0 MMC reader IDE to SATA Adapters
1.8" IDE to SATA Adapter SATA Split Data Cable External Encypted Mobile TB RAID Storage Macbook 2013-14 PRO/Air SSD to USB3.0 adapter supporting PCIE base SSD (12+16 type)
Our Price: $150.00
1.8 Inch IDE to SATA adapter SATA Split Data Cable Macbook 2013/2014 to USB3.0 adapter supports PCIE SSD
External Lithium - Polymer Battery Option for 7" Mini Units Laptop Remote Access & Data Capture Kit for SuperImager units Mac SSD 7+17 pins to SATA adapter for MacBook Pro 2012 USB3.0 to e-SATA Adapter at Speed of 3GBs
7" Mini External battery option. Laptop remote capture kit with the use of SuperImager units USB3.0 to e-SATA adapter at speed of 3Gbs.
M.2 (NGFF) SSD to SATA III B (SATA base only) ZIF Adapter to SATA Adapter, with a Flex Cable 2.5 Inch IDE to SATA Adapter SATA Split Power Cable
ZIF Adapter to SATA Adapter 2.5 Inch IDE to SATA Adapter SATA Split Power Cable
USB3.0 to SATA Adapters - 4 Channel Kit include power - Linux Micro SATA to SATA Adapter USB3.0 to SATA-3 Adapter - For Linux M.2 NGFF to USB3.0 adapter supporting PCIE base SSD (B+M) not NVME
Our Price: $150.00
USB3.0 to SATA 4-Channel kit- Linux Micro SATA to SATA Adapter M.2 NGFF to USB3.0 adapter supports PCIE SSD

Share your knowledge of this product. Be the first to write a review »