Home > Line of Products ↓ >

SuperImager Pus USB Multi ports Flash Drives Forensic Imager
SuperImager Multi USB flash drive copier unit with 20 USB3.0 ports and 10" Touchscreen LCD color display.
SuperImager Desktop Multi USB – A multiple channels flash drive forensic imaging device.
 
SuperImager Multi USB forensic imaging device is Industrial, standalone, 20 USB flash drive duplicator unit. Extremely fast, built-in with 20 USB3.0 ports. Supports Forensic Imaging up to 1:19 (or any other combination of ports) USB flash drives and SSD, all in parallel operation. The user can image a drive in 100% bit by bit copy (Mirror Image), DD, E01/Ex01, VHD copy, Triage Selective Capture (Files and folders). The unit runs under Linux OS, and it supports an extremely high transfer rate (up to 31.5GB/min with SSD). The unit is considered one of the best in the market, with an elaborated imaging application


Availability:: Usually Ships in 1 to 2 Weeks
Product Code: SILU-0001-00B
Qty:

Description Extended Information
 
The SuperImager® Desktop Multi USB Forensic Imager unit is a standalone flash 20 USB ports drive imaging with multiple ports; enabling the user to forensic image, and erase multiple drives at the same time very efficiently. The unit is industrial and durably built, using a desktop-style, with easy to use touchscreen icons. The unit supports hard disk drives, SSD, and USB Flash drives. The SuperImager main application supports many modes of operations, such as:
Mirror, Linxu-DD, EnCase E01/Ex01, AFF4, Selective Imaging and more.
Features
- Case: Portable, lightweight, small, and easy to carry.
- CPU: i7 Latest Generation Multi Core CPU
- Display: color LCD display, 10” LED back-light, with resistivity touchscreen.
- OS: Linux Ubuntu 64 bit and Win 10 Professional 64 Bit in a dual boot. The open Ubuntu OS allows for easy application modification to include new features, easy adaptation to new hardware, and ease of adding third-party Ubuntu applications.
- Dual Boot Ubuntu/Win10 (Built-in):
- Data Capture Under Linux: Performs Forensic Imaging under Linux for a faster, more efficient, and more secure operation.
- Analyze the Captured Data under Windows 10: Reboot the unit to Windows and use third-party applications to perform data analysis, cellphone capture and other tasks.
- Security: Linux OS (Linux OS is less targeted by malware).
- Hardware Upgrade: The unit can be upgraded at the time of purchasing for additional cost to a larger internal SSD
- Application Updates: The application can easily be updated by using any of the unit's USB ports and by a simple tap on the "update software" icon from the unit' main menu.

Hardware Specifications:
- RAM: 32GB DDR4 internal memory.
- Internal storage: 1TB SSD SATA HDD.
- Storage controllers: PCI Express USB 3.0 controllers
Hardware Supports:
- Source Ports: One USB3.0/USB3.1, One SATA ports are set as source ports (the user cannot change the role of these ports).
- Target Ports: 19 USB3.0/USB3.1 ports, 2 SATA ports

Application Settings:
- HPA/DCO Automatic Supports: The application has the ability to automatically open HPA and DCO areas and resize the “Suspect” hard drive to its full native capacity in order to capture any “hidden data: (HPA/DCO are special areas on the drive that support this feature).
- Bad Sectors Handling: The user can select to skip bad sectors, skip bad blocks, or abort the operations. The skipped, bad sectors will be reported in the log file in detailed or in summary.
- 48bit LBA Addressing: Supports drives with sizes up to 256TB.
- Forensic Images – Destination: The user can save Forensic Images to any storage device attached to the SuperImager unit, or to any connected network (using the unit’s 1Gigabit/s port or the Thunderbolt 3.0 to 10 Gigabit/s optional adapter), any external USB3.0/e-SATA RAID (encryption is optional), or an external NAS storage all at a very good speed.
- Cross Copy from any Ports and any Interfaces: The user can choose to capture from one port, with one type of storage protocol and interface, and save the forensic image onto a different storage protocol and interface using destination ports. The cross copy of data can be done between any of the supported storage interfaces.

- Audit trail and operation Log Files: Generated automatically by the application and saves it on the Evidence/Target drive (PDF, XML)
Application Features:
- GUI: The application is built with large and very simple and easy to navigate icons. In a few clicks the user can set an operation and it will quickly be up and running.
- Speed: Very fast – one of the fastest Forensic Imaging solutions available on the market today, achieving a speed of above 32GB/min with SATA SSD and 187GB/min with NVMe SSD. Read speed up to 202GB/min.
Application’s Main Operations:
- Forensic Imaging Mode
- Forensic Platform
- Data Eraser and Format
- HASH Calculation Authentication and Verification
- Network

Forensic Imaging Mode:
- Mirror imaging bit by bit (100% or any % of the drive), DD, E01/Ex01 – with optional compression, Selective Capture (Capture Partitions, Files and Folders, and with the use of file extension filters), Mix-Format of DD/E01/Ex01, selecting one partition capture.

- Targeted Imaging: Sometimes the forensic investigator does not have the time to do a full data capture of the Suspect drive. Now the user can use the Selective Imaging feature to select only partitions, files, or folders (like the Windows User-Folders or Windows User-Documents and User-Pictures). With the use of preset file extension filters or adding its own filters, the Forensic Investigator can narrow their capture scope and shorten its acquisition time.

- Forensic Restore: Back up the data that was captured to another drive in the original format.

- Forensic Images Formats:
a) Mirror Image Formats 100% Bit by Bit Mirror copy.
b) Linux-DD Format.
c) Encase E01/Ex01 Formats (includes options for optimizing the compression by adjusting the compression level and the number of compression parallel engines) and Mix-Format of E01/Ex01/Linux-DD.
d) Mix-Format is where the user can capture from one source drive and save the images onto multiple destination ports; each target port can be selected to be one of the 3 E01/Ex01/Linux-DD.
e) In addition, the user can use a file-based copy to copy files and folders by using selective imaging with file extension filters.
f) Single partition capture.

g) VHD capture
- Imaging and Verify: The user can select to run forensic imaging with 3 HASH engines and also enable the "HASH the target and compare HASH" feature. That is kind of a stand operation to make sure the captured image is not altered or corrupted.Reading speed from a source drive (32GB/min SATA, 202GB/min NVMe).
- Drive Spanning: Supports spanning the captured data onto many “Evidence” drives when the Evidence drives are not large enough (also supports restore images that are spanned over multiple drives). Also support parallel drive spanning when the source drive is much faster than the target (source is NVMe for example).
- Encryption: On-the-fly AES256 encryption of the “Suspect” drive, saving the encrypted data on the “Evidence” drive in 100%, DD, E01/Ex01 formats.
- Decryption: The user can perform decryption on a drive that has been previously encrypted by any of the SuperImager units. Alternatively, the user can use a standalone MediaClone Linux decryption utility application to perform decryption on an encrypted drive using any PC. The supplied standalone decryption utility application can be burned onto a USB flash drive that later can be used to boot the PC to the MediaClone Linux decryption utility application, where the encrypted drive and a blank destination drive are attached to the PC (the user needs to supply to the utility application the saved encryption key). MediaClone developed its own decryption utility application in order to make sure that the user can always decrypt the drive was were once encrypted via a MediaClone unit and not to rely on TruCrypt or other third-party applications that might not be supported in the future.
Forensic Imaging Tool: In one read-pass from the “Suspect” drive, the SuperImager Plus application can run the following operations simultaneously: Forensic imaging with E01 format and full compression, Encryption with AES256, calculate 3 HASH Verification and Authentication values (MD5, SHA1, SHA2), save the captured Forensic Images to 2 “Evidence” drives to a local network, and external compact USB3.0/e-SATA TB RAID encrypted storage. The basic Forensic Imaging mode can be 1:1, 1:2, 1:3, 2:2 for SAS/SATA and 2:6 for USB3.0/3.1 storage devices, or 5:8 SATA with USB3.0 adapters, and more possibilities with the use of the supplied Thunderbolt 3.0 Expansion box with additional 4 SAS ports.
- Extreme Speeds when performing Forensic capture with E01/Ex01 formats and full Compression:
- The new Linux-based SuperImager Plus application utilizes and optimizes multiple CPU cores to achieve one of the most efficient operations while also performing at incredibly high speeds with E01/Ex01 formats and full compression. The application allows the user to manually select and adjust the number of hyper-threads and the level of compression used during each session.
- Forensic data captured with Encase E01/Ex01 formats with full compression is widely used for operations in the forensic industry and generally requires a trade-off between speed, space, and time of decompression by the Encase application.
- Comparative tests show a 20% increase in speed when using the SuperImager Plus Linux-based application over the SuperImager Windows-based application. The tests were performed with the same hardware, the same hard disk drives (filled 43% of the drive with random data), and the same level 1 compression. The Linux-based application was set to use 16 compression threads.
Complete Forensic Platform:
- In addition, the unit can serve as a platform for a Forensic Investigator to run a complete investigation and to perform:
- The Forensic investigator can load and run third-party applications such as Cellebrite, Oxygen, DART, Paraben, and BlackBag. The user can also run third-party Triage applications under Windows on the attached Suspect or Evidence drives. The MediaClone Windows Drive Power Utility application allows the user to mount drives safely, either as read-only or read-write (depending on the unit’s port) in a secure way. The application also allows the user to dismount and remove drives in a safe way. The Suspect port is automatically assigned to be read-only.
- Virtual Drive Emulator: Enables the user to run a drive, or image of a drive emulator, on the unit (for Suspect Drives that were extracted previously from a Windows unit) and allows the user to share folders and copy important files (bypass the user Windows password). Mount a Suspect drive or it’s DD/E01 images, simulate it in its native Windows Environment, and extract important files (This function performs on the Linux side).
- Secure Write Blocked File Preview: Browse and preview the captured data on the Internal Display. The user should connect the drive to the unit’s Suspect port to protect the drive via the port’s write-blocking mechanisms, turn on the power to the drive using the application’s power icon, and mount the drive using Ubuntu. The drive Doc files, including XLS, can be viewed using the Ubuntu Open Office package. Alternatively, the user can boot the unit to Windows (if this option was purchased) and view the drive on Windows.
- High Performances: As a platform, a forensic investigator can, in addition to imaging and capturing data, load and run third-party applications to analyze the captured data:
- Cellphone/Tablet data extraction and analysis - Cellebrite, Oxygen, BlackBag, MPE+, Paraben applications, and more (the user can also use all of the 8 USB3.0 ports to run cellphone extractions)
- Triage data collection – Nuix/Encase/ADF portable applications.
- Full Computer Forensic Analysis – Encase, Nuix, Axiom, and FTK applications – data is already captured, and the hardware can support a full analysis.

Data Eraser and Format:
- The user can erase drives and USB3.0 storage devices by using the unit’s 4 SATA ports and 8 USB3.1 ports. The application supports DoD erase (Full, Lite), Security Erase, Enhanced Security Erase, and Sanitize erase protocols. DoD (Full and Lite) are NIST 800-88 compliant. The rest of the erase protocols need to be run with verify pass in order for them to be NIST 800-88 compliant. The application also supports the user erase mode with verification pass and the erase verification mode for drives that were previously erase by a third-party application or tool.
- Erase the remainder of the drive after the copy.
- Drive Erase Protocols: DoD 5220-22M, Security Erase, Enhanced Security Erase, Sanitize, NVMe Secure Erase, or a User-erase mode where the user can define the final data filling pattern and the number of iterations (Security Erase, Enhanced Security Erase, Sanitize, and DoD erase protocols are all NIST 800-88 compliant).
- Format: NTFS, FAT, HFS+, EXT4, and exFAT.

- Erase Verify: Run Erase Verify to verify that the drive was erased before use
- Erase Logs and Erase Certification: The application generates extensive erase logs and files with an NIST 800-88 erase certification (also runs S.M.A.R.T. tests before and after the erase operation and is saved to XML file format) which can be exported to a USB thumb drive. The application also has a built-in erase database that can easily be exported to XLS.
- Evidence Drive Formats: exFAT/FAT/NTFS/HFS+/EXT4.

HASH Calculation Authentication and Verification:
- HASH Authentication: Simultaneously calculated on-the-fly up to 3 HASH Authentication values MD5/SHA-1/SHA-2 during the same session.
- HASH while Capture: MD5, SHA-1, SHA-2 (all the 3 HASH protocols can be selected to run simultaneously).

Network:
- Network Capture: Data from a network folder can be captured and saved into “Evidence” drives via the use of the iSCSI storage protocols. The SuperImager application (for both capture from a network and save to a network) supports SMB, NFS, and CIFS networks protocols. The capture can run with HASH authentication and HASH verification.
- Saves Forensic Images to Network: Upload multiple Forensic images to a network (DD, E01) simultaneously by using 1 Gigabit/s port/ Thunderbolt 3.0 to 10 Gigabit/s optional adapter, or any of the unit’s USB ports to upload up to 8 parallel 1 Gigabit/s network streams.
- Disable Network process and protocols for security reasons: Those network protocols are easy to disable using Ubuntu Preferences Tools.
- Copy loose files from/to the network: The user can copy files from/to a network with HASH authentication for better data integrity.
- Remote Capture (Intel based CPU)- Capture data from the Internal Drives of an un-opened Laptop or Computer: Using USB or 1 Gigabit Ethernet ports on the laptop/computer enables the user to use the Remote capture application via a USB stick, without the need to remove the drive from the laptop/computer or boot the laptop from its own OS (the capture speed is restricted to the performance of the Laptop/PC CPU and the 1 Gigabit/s connection). The capture application can run using HASH authentication. The Remote Capture Option Kit includes the USB flash drive, 1 Gigabit/s to USB3.0 Adapter, and a crossover network cable. The Remote capture application supports capture via USB/1394/TB/R45 network ports).

Parallel Operations:
- Parallel Forensic Imaging – Multiple Session Operations: Improves the efficiency of the evidence data collection process by using multitasking and using a parallel imaging process. The user can take advantage of the SuperImager unit’s multiple available ports and run multiple, efficient, simultaneous parallel operations. The user can mix different types of operations, and each operation can be set as a new independent session. An example of an operation: erase data from a drive connected to one port and HASH verify a different drive connected to the second port, all while performing forensic imagining of 1 to 1 on drives connected to the remaining ports.
- Port's rule increase possibilities: The application is very flexible in running multiple sources to multiple destinations, all in simultaneous operations. The user has the flexibility to change a port’s role from “Evidence” to “Suspect” port. The session control application screen provides the user with comprehensive information and direct control over the running sessions, including all the settings of the session and the ability to abort the session.
- Detection Application Screen: All drives and storage devices that are connected to the unit will be “scanned” and displayed in one application screen called “The Detection Screen”. The user can tap on each drive to get its detailed info and run some specific utilities regarding that drive (as long as it is a target drive) – like a quick S.M.A.R.T. test (only using the “Target” port), run a Virtual Emulator (“Source” port), safely preview the contents of the drive (“Source” port), as well as select it for any desired operation they are planning to use.

More Features:
- Drive Trim: Allows the user to manipulate the HPA/DCO area on the drive to create an Evidence/Target drive with the same capacity of the Suspect/Source drive.
- Application Audio Notification: The user can enable some audio notification features, like end of a session.
- Unit’s User Configuration: This feature allows the administrator of the unit to set specific operations with specific settings, and allows the user to secure it with a lock password (This feature needs to be requested at the time of purchasing the main unit – it is needed for security purposes).
- Tasks Scripting: The user can create a script to run sequential operations and parallel operations. There are no limitations on the number of scripts and operations one can run. Be aware that if the operation requires the use of an input it will stop and wait for the user to input (like when the user is running a drive scanning and a user’s response is needed).
- Language Supports: Easy to implement translations for new languages. Now supporting Korean and Chinese languages.
- Keyword search before Imaging: Gives the user the ability to perform a quick keyword search on the Suspect drive’s files and folders, with filters on the files extension types and with a few important keywords (this is a quick keyword search to determine if a Suspect drive needs to be captured).
- Keyword search while imaging: Gives the user the ability to perform a quick keyword search on the Suspect drive’s files and folders, with filters on the files extension types and with a few important keywords included in the search images.

- Cloud Storage connection: With the use of Insync paid services the user can sync to Microsoft OneDrive, Google Cloud, and others cloud storage
- Partition imaging: Gives the user the ability to select only one partition (per sessions) to perform forensic imaging and save it into the Evidence drive in DD/E01/Ex01 format.
- Network Multiple Forensic Image “Loader”: Besides the ability of the application to upload forensic images (DD, E01) to the network via the 1 Gigabit/s network port, there is also a unique feature/solution that can solve the streaming bottleneck issue by using a single port. With this solution the user can upload many Forensic images directly to a local network using 7 equivalent 1 Gigabit/s network streams. Alternatively, the user can use the Thunderbolt 3.0 port to connect to a 10 Gigabit/s network.

Expansion Capabilities and Main Hardware Options:
- USB3.0 to SATA Adapters and Kits Option: Today USB3.0 technology is extremely fast and can run read data from SSD drives up to 20GB/min. With the use of the USB3.0 to SATA 4 channel Kit, the user can convert 4 USB3.0 ports to 4 SATA ports.
- Built in the US: The units are built and tested in the US.
- Warranty: One-year free warranty on the main unit (does not include warranty on accessories, adapters, and cables).
Ports:
- Native SATA: 4 ports with power.
- USB3.0: 20 Ports
- USB2.0: 1 generic port
- Thunderbolt 3.0: 1 port (to connect TB to 10GbE)
- HDMI and DP port to plug external monitor.
- Front Panel: 20 USB3.0 ports
- Back Panel Add-on Ports: 3 SATA 6 Gigabit/s ports with power for external storage (“hot” plugged), HDMI, RJ45 1 Gigabit/s Ethernet, and generic USB2.0.
Power Characteristics:
- A built-in, universal auto switching 450W UL/CE/PSE 110/220V power supply with an input voltage of 100-240V/50-60HZ.

Operating Environment:
- Temperature: 5°C - 55°C (40°F-130°F).
- Relative Humidity: 20-60% non-condensing.

Mechanical Characteristics:
- Base unit’s dimensions: 16.0” x 15.0” x 4.0² inch. (400 x 380 x 100 mm). A user will have to attach the display pad to the main unit.
- 20-channel open tray dimensions: 11”x 6”x 2”.
- Shipping Dimensions:
- Box dimensions: 20” x 20” x 15” inch.
- Shipping box weight: 28.5 lbs.

Power Characteristics:
- A built-in universal, auto switching 500W UL/CE/PSE power supply
- Input Voltage: 100-240V/50-60Hz.

Operating Environment:
- Temperature: 5°C - 55°C (40°F-130°F).
- Relative Humidity: 20-60% non-condensing.

Mechanical Characteristics:
- Unit Net Weight: 28 lbs
- Unit Dimensions: 10.6”L x 7.70"W x 3.15"D (270 x 210 x 100 mm).

Accessories
USB3.2 to NVMe U.2 and M.2 external adapter Thunderbolt 3.0 to 10Gigabit/s Ethernet Adapter for T3 units NVMe Option for Thunderbolt 3.0 Expansion Box Thunderbolt 3.0 Expansion Box (PCIE 3.0)
Our Price: $120.00
Our Price: $200.00
Our Price: $100.00
Our Price: $320.00
USB to NVMe adapter with U.2 and M.2 Thunderbolt 3.0 to 10Gigabit/s Ethernet Adapter for T3 units NVMe single U.2 and M.2 port Akittio Thunderbolt 3.0 to PCIE

Share your knowledge of this product. Be the first to write a review »