SuperImager® Plus 8” T4 Portable Forensic 4 SAS/SATA (12Gb/s PCIE 4.0) + NVMe ports unit is a portable forensic imaging device with the ability to perform multiple Forensic tasks, allowing the Forensic investigator to simultaneously capture data from various source drives to numerous targets drives with 4 HASH engines (MD5, SHA1, SHA2, SHA512 at the same time), image verification at extreme high speed. It also enables the user to perform a full Forensic Analysis in the field using EnCase, Nuix, Axiom, or any other analysis application for Windows 11 and extract physical data from multiple cell phones. The unit is compact and easy to carry, with built-in 4 SAS/SATA ports (with a secure connector), two e-SATA ports, 7 USB3.2 ports, two Thunderbolt 4.0 ports (40 Gigabit/s can be used for 2 NVMe SSD), and it is supplied with 1394A/B controller, NVMe U.2/M.2 solution. Additionally, the Thunderbolt 4.0 ports with the Thunderbolt 3.0 Expansion box allow the user to add more ports (an additional 4 SAS/SATA and one NVMe), save captured images to a fast network via 10Gigabit/s Ethernet, or capture data from legacy drives such as SCSI and FC.
The unit is supplied with USB 3.2 Gen2x2 to NVMe fast adapters, which can be used with the unit's 2 Thunderbolt-4 ports to provide a second and third NVMe port.
The unit performs at an extreme speed of 31GB/min with imaging from SATA to SATA SSD, 165GB/min with mirror imaging from NVMe SSD, 51.2GB/min with mirror imaging from SATA to external NVMe, and 47.6GB/min with Ex01 Imaging using full compression from SATA to SATA SSD.
The SuperImager’s main application (the unit’s software) supports many imaging methods like Mirror Image, Encase E01/Ex01, Linux-DD, E01/DD mix, AFF4, a single partition, and Files and Folders as a Triage operation.
Here are some of the tasks the unit can be used for:
1) Multiple Parallel Forensic Capture: raw image (Mirror bit by bit), Linux-DD, E01/Ex01 (with full compression) formats, Mixed-Format DD/E01, AFF4, capture the whole drive or only some partitions (There is no limitation on the number of parallel sessions and not queing).
2) Run a Selective Capture (Targeted Capture) of partitions, files, and folders with HASH each file, apply file extension filters and save the metadata of each file. It is a great and free way for smartphones logical extraction.
3) Erase data from Evidence drive prior to the capture - using DoD (ECE, E), Security Erase, Enhanced Security Erase, Sanitize Erase, NVMe- Format, USER-Erase protocols.
4) View the Captured data directly on the Ubuntu Desktop or Windows screens, in a secure enviroment.
5) Encrypt the data while capturing (using the AES256 XTS engine) and decryption at the destination location with the use of MediaClone free utility.
6) HASH data while capturing – run asimultaneously all
the four HASH engins (MD5, SHA-1, SHA-2, and SHA-512 HASH).
7) Run a quick Keyword Search on the Suspect drive before imaging or during the imaging.
8) Simultaneously run multiple Smamrtphones/Tablets logical data extraction.
10) Run a full Forensic Analysis application like Encase/Nuix/FTK/Axiom (on the Windows side).
11) Run Virtual Drive Emulator before the data capture (Linux), preview the "Suspect" data, and copy important files and folders.
12) Run Remote Capture from unopened laptops - Intel Based CPU (supplied with this unit), or with optional Mac with M1, M2 cpu.
13) Use the unit' native Thunderbolt 4.0 ports (40 Gigabit/s) to capture data from USB3.2 Gen-2 storage devices, or connect to 10GbE network with the use of TB3.0 to 10GbE adapter.
14) Unlock and capture drives with ATA passcode, BitLocker passcode, Opal passcode for SED drives, and VeraCrypt.
15) Use the unit as a “Write Blocker” device: This feature enables the unit to function as a secure bridge between workstations on a network to Suspect drives attached to the unit by using the iSCSI protocol over a network connection.
16) Support for remote capture from Mac with M1/M2 CPU.
18) Use the TB4.0 to NVMe external adapter to capture data from more NVMe SSD or image NVMe to NVMe SSD.
A forensic investigator using a workstation or laptop in one location can access a Suspect drive in different places in the Writes-block" mode.
The SuperImager unit will be connected to the same network, and the Suspect drives will be attached to the unit in read-only mode. The unit will act as a “write blocker” for any of the unit’s attached storage, such as SAS, SATA, USB, 1394, FC, SCSI, and NVMe.
Additional Operations: HASH authentication, Drive Diagnostics, Image Restore, Drive Erase of Evidence drive before use, and set automation processes with Scripting capabilities.
The SuperImage application supports simultaneous and independent forensic imaging of multiple drives, in multiple sessions with no queing and no limitaion of th number of sessions (we did invent this in 2013!).
The unit is supplied with 4 SAS/SATA extension cables with power and data, U.2 to PCIe NVMe controller and U.2 to M.2 NVMe adapter, 1394A/B controller, Remote capture KIT (Intel base CPU) , Virtual Drive Emulators, M.2 SATA adapter, MSATA adapter, MicroSATA adapters and USB3.2 2x2 to NVME adapter.
Optional to add 4 M.2 NVMe ports via the use of TB3.0 Expansion Box (see options)
|
SuperImager Plus 8" T4 unit with i7 CPU, 32GB Memory, and S/W Version 1.9.25
|
|
|
Operation
|
Avg Speed GB/Min
|
|
HASH single drive, in a single session (Samsung 870 EVO SSD)
|
|
|
SHA-1
|
32.1
|
|
MD5
|
32.1
|
|
SHA-1+ MD5
|
32.1
|
|
|
|
|
|
|
|
NVMe: Using 1TB WD Black M.2 NVMe SSD
|
|
|
Read Verify
|
165.8
|
|
HASH only with SHA-1
|
131.1
|
|
Mirror Image SATA to NVMe
|
51.2
|
|
Forensic Imaging SATA
|
|
|
DD Imaging Samsung 850 EVO SSD to Samsung 850 EVO SSD (2GB Files Chunks and NTFS)
|
|
|
with SHA-1 + MD5 HASH
|
30.1
|
|
DD Imaging SanDisk Extreme II SSD to Samsung 850 EVO SSD 2 GB file Chunks and NTFS)
|
|
|
with SHA-1 + MD5 HASH on
|
28.5
|
|
Ex01 Imaging Samsung 860 PRo SSD to Samsung 860 Pro SSD (2GB Files Chunks, NTFS, Compression, Imager verify on )
|
|
with SHA-1 HASH
|
47.6
|
SuperImager Plus 8" T4 Portable Forensic Imager and Forensic lab on-the-go
SuperImager Plus 8" T4 Portable Forensic Imager and Forensic lab on-the-go
Advanced Digital Forensic Imaging Application Capabilities
Drive Handling and Compatibility
• HPA/DCO Support: When enabled, it automatically detects and resizes drives to their native capacity, revealing hidden areas (common on some SATA drives) to ensure full data capture.
• Management of Drive Bad Sectors: In parts of bad drive handling, the user can choose to skip bad sectors or blocks or halt operations. Detailed or summarized error logs are automatically generated.
• 48-bit LBA Support: Supports drives up to 256TB.
• Dual OS: Operates under both Linux (Ubuntu) and Windows environments.
• Security Focused: All forensic imaging operations run on Linux for reduced malware risk.
• Easy Updates: Update the application via USB port or with a single tap on the main menu.
----------------------------------------------------------------------------------------------------
Performance & Speed
• Unmatched Throughput:
• SATA SSD: Up to 32GB/min
• SATA: SHA-1 + Imaging: Up to 30GB/min (SSD) | 10GB/min (HDD)
• NVMe SSD: Over 100GB/min
Media: Support HDD, SSD, M.2, MSATA, MicroSATA (1.8mm) and more. Support cross imaging from any port and any media.
Forensic Imaging Modes
Full Imaging
• Raw image, bit-by-bit mirror image (100% or partial of the drive)
• Supports DD, E01/EX01, AFF4 formats (with the ability to select which partition to capture),
• E01/E01 Optional compression
Targeted (Triage) Imaging
• Selective Capture: Quickly capture only relevant data: partitions, user folders, documents, etc. (great for cellphone logical extraction)
• Filter by file type and apply up to 4 HASH algorithms (MD5, SHA-1, SHA-2, SHA-512) per file.
• File-based capture with metadata
• It supports FAT, exFAT, NTFS, EXT2-4, HFS+/APFS, and HPFS.
Imaging Options
• Mix Format output of E01/DD
• Standalone HASH authentication (raw image/DD/E01)
• Target Drives Spanning: Supports multi-drive spanning for large image captures
• Parallel Span Mode: When the source drive is much faster than the target drives, writing data to multiple destination drives in parallel can save a lot of imaging time – no need for special reconstruction software
Encryption & Decryption
• AES256-XTS on-the-fly encryption during capture
• Save encrypted images in DD, E01/Ex01, or 100% formats
• Standalone Decryption Utility:
• Works on any PC
• Bootable from USB
• Does not rely on 3rd-party tools like TrueCrypt
Parallel & Multi-Session Operations
• Run multiple forensic Imaging, HASHING, erasing, or drive diagnostics sessions simultaneously with no queuing or limitation of the number of sessions.
• Ability to configure each target port as a Source or Target with Write-Blocking for Source drives.
• Full session control via dedicated GUI
Data Erasure & Drive Prep
• Securely erase Evidence drives before use:
• SSD: up to 32GB/min
• HDD: up to 11GB/min
• Erase Protocols: DoD 5220-22M, NIST 800-88 compliant Security Erase, Sanitize, NVMe Secure Erase, and user-defined patterns.
• Format Options: NTFS, FAT, HFS+, EXT4, exFAT
• Detailed Erase Logs & Certifications (PDF/XML/XLS exportable)
Audit Trail & Reporting
• Automatic Log Generation: PDF logs are saved on Evidence/Target drives and the unit’s local storage.
• Erasure Reports: Includes S.M.A.R.T. pre/post logs and NIST 800-88 certificates
• Full Traceability: Logs every session action and hash value
Networking & Remote Imaging
• Network Protocol Support: SMB, NFS, CIFS, iSCSI
• Upload forensic images to NAS/local networks via 1GbE or 10GbE ports
• Disable network features for air-gapped workflows
• Remote Capture Capabilities:
• From laptops via USB or Ethernet with use of cross-over network cable
• Use of bootable agent
• Support for Windows/macOS (Intel, T1/T2, M1/M2)
• Supports capture via USB, 1394, or RJ-45
Special Imaging Features
• Drive Emulator: Simulate & preview a suspect drive's Windows environment and extract files
• RAID Support (Linux):
• Auto-detects and reconstructs RAID-0, 1, 5, 6 using DDF, mdadm, or Intel headers
• Advanced Imaging Modes for “ill” drives:
• Reverse Imaging- Helps for drives with many bad sectors at the beginning of the drive.
• Segmental HASHING
• Timeout adjustment per drive
• Auto retry after the power cycle
• Read-ahead disabling to avoid freezes
User Experience & Usability
• Large Icon GUI: Simple, intuitive, and fast to configure
• Detection Screen: Scan and view all connected drives in one place
• Drive Trim: Match target drive size to source by manipulating HPA/DCO commands on the SATA target drives
• Audio Alerts: Session completion notifications
• Task Scripting: Create custom sequential or parallel workflows
• Language Support: Includes Korean and Chinese
• Keyword Search:
• Pre-Imaging (to assess importance)
• Live During Imaging (with extension filters)
Additional Tools
• Cloud Sync: Optional Insync service to capture from OneDrive, Google Drive, etc.
• Network Tapping Module: Optional Live network sniffing and PCap capture using Wireshark
Use as a Complete Digital Forensic Workstation
Install industry tools directly onto the unit:
• Cellphone Data Extraction: Support for Cellebrite, Oxygen, MSAB, Axiom
• Triage Tools: Encase, Nuix, ADF
• Full PC Forensics: FTK, Axiom, Encase
• RAID Analysis: Compatible with Windows-based RAID recovery tools
Hardware & Build
• Made in the USA: Engineered, built, and tested in California
• Warranty: One-year limited warranty on the main unit (excludes cables/adapters)
