SlideShare a Scribd company logo
1 of 12
Download to read offline
A high-level review of acquisition times for several
popular imaging tools
Background
There has been a lot of anecdotal
discussion regarding the relative
performance of various popular acquisition
tools. This document provides an overview
of some research currently being
undertaken. Once completed the full set of
detailed results will be published.
Tools Assessed
 EnCase Forensic Imager v7.06
 FTK Imager v3.1.2
 Adepto v2.1 (Helix3)
 EnCase LineN v6.12.0.21
 IXImager v3
 Raptor v2.5
 X-Ways v17.1
Speed Assessment Parameters
Each of the acquisition tools used in this research was placed
into one of two categories and measured for how quickly the tool
could acquire a 160GB virtual drive. The categories were:
 ‘Standalone’ – meaning the tool comes with its own bootable
environment
 ‘Dependant’ – meaning the tool itself is not part of a bootable
environment and requires a third-party write-blocking device
or bootable system.
Within each category the tools were tested in the same virtual
configuration. The default image type was selected together with
the fastest compression (if available).
‘Standalone’ Acquisition Tool
Environment
VIRTUAL
MACHINE
(VirtualBox)
VDI
(VIRTUAL
SOURCE DISK)
VDI
(VIRTUAL
TARGET DISK)
VIRTUAL
BOOT
CDROM
ISO
SATA
SATA
PHYSICAL DISK 1
PHYSICAL DISK 2
PHYSICAL DISK
3
SATA
‘Dependant’ Acquisition Tool
Environment
VIRTUAL
MACHINE
(VirtualBox)
VDI
(VIRTUAL
SOURCE DISK)
VDI
(VIRTUAL
TARGET DISK)
SATA
SATA
PHYSICAL DISK 1
PHYSICAL DISK 2
SATA
VDI
(VIRTUAL SYSTEM
DISK)
WIN 7 SP1
PHYSICAL DISK 3
Overall Results
Tool Time to acquire 160GB Image
Size
Image
type
IXImager 17 mins 78.6 GB ASB
Xways Forensic 27 mins 74.4 GB E01
FTKI 50 mins 68.3 GB E01
Adepto 56 mins 149 GB RAW
EnCase Linen 63 mins 149 GB E01
Raptor 69 mins 68.3 GB E01
EnCase Forensic Imager 74 mins 68.6 GB E01
Standalone Tool Results
For tools that don’t require a write-blocker as part of
the acquisition process
Tool Time to acquire 160 GB Image size Image
type
IXImager 17 mins 78.6 GB ASB
Adepto 56 mins 149 GB RAW
EnCase LineN 1hr 03 mins 149 GB E01
Raptor 1hr 09 mins 68.3 GB E01
Dependant Tool Results
For tools that require a write-blocker as part of
the acquisition process
Tool Time to acquire 160 GB Image
size
Image type
X-Ways Forensic 27 mins 74.4 GB E01
FTK Imager 50 mins 68.3GB E01
EnCase Forensic Imager 1hr 14 mins 68.6 GB E01
Scalability Assessment
The tools were grouped by their ability to
accommodate being deployed in an
environment containing multiple source
devices. Two groups were identified:
 Unrestricted
 Restricted
Unrestricted tools
Tool Comment
IXImager Unlimited number of concurrent
acquisitions, one analysis licence
required
Raptor Unlimited number of concurrent
acquisitions, no licence required
EnCase LineN Unlimited number of concurrent
acquisitions, no licence required
Adepto Unlimited number of concurrent
acquisitions, no licence required
Restricted tools
Tool Comment
FTK Imager Requires write-blocker per concurrent
acquisition
EnCase Forensic Imager Requires write-blocker per concurrent
acquisition
X-Ways Requires write-blocker per concurrent
acquisition, requires dongle per
concurrent acquisition

More Related Content

What's hot

What's hot (20)

Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic tools
 
Linux forensics
Linux forensicsLinux forensics
Linux forensics
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidence
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Forensic audio
Forensic audioForensic audio
Forensic audio
 
L6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxL6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptx
 
Cyber Forensics Module 2
Cyber Forensics Module 2Cyber Forensics Module 2
Cyber Forensics Module 2
 
Social Media Forensics
Social Media ForensicsSocial Media Forensics
Social Media Forensics
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital Forensics
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensics
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensics
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic ppt
 
Autopsy Digital forensics tool
Autopsy Digital forensics toolAutopsy Digital forensics tool
Autopsy Digital forensics tool
 
Forensic imaging
Forensic imagingForensic imaging
Forensic imaging
 

Viewers also liked

Модель зрелости процесса (мониторинг и оценка ИБ)
Модель зрелости процесса (мониторинг и оценка ИБ) Модель зрелости процесса (мониторинг и оценка ИБ)
Модель зрелости процесса (мониторинг и оценка ИБ) Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Болевые точки корпоративной сети: взгляд не со стороны службы ИБ
Болевые точки корпоративной сети: взгляд не со стороны службы ИББолевые точки корпоративной сети: взгляд не со стороны службы ИБ
Болевые точки корпоративной сети: взгляд не со стороны службы ИБAleksey Lukatskiy
 
пр Куда идет ИБ в России? (региональные аспекты)
пр Куда идет ИБ в России? (региональные аспекты)пр Куда идет ИБ в России? (региональные аспекты)
пр Куда идет ИБ в России? (региональные аспекты)Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Анализ защищенности ПО и инфраструктур – подходы и результаты
Анализ защищенности ПО и инфраструктур – подходы и результатыАнализ защищенности ПО и инфраструктур – подходы и результаты
Анализ защищенности ПО и инфраструктур – подходы и результатыAdvanced monitoring
 
пр Сколько зарабатывают специалисты по ИБ в России 2016
пр Сколько зарабатывают специалисты по ИБ в России 2016пр Сколько зарабатывают специалисты по ИБ в России 2016
пр Сколько зарабатывают специалисты по ИБ в России 2016Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
UEBA – поведенческий анализ, а не то, что Вы подумали
UEBA – поведенческий анализ, а не то, что Вы подумалиUEBA – поведенческий анализ, а не то, что Вы подумали
UEBA – поведенческий анализ, а не то, что Вы подумалиAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Проблемы безопасной разработки и поддержки импортных средств защиты информации
Проблемы безопасной разработки и поддержки импортных средств защиты информацииПроблемы безопасной разработки и поддержки импортных средств защиты информации
Проблемы безопасной разработки и поддержки импортных средств защиты информацииAleksey Lukatskiy
 
Fusing digital forensics, electronic discovery and incident response
Fusing digital forensics, electronic discovery and incident responseFusing digital forensics, electronic discovery and incident response
Fusing digital forensics, electronic discovery and incident responseDr. Richard Adams
 
К вам пришла проверка. Что делать?
К вам пришла проверка. Что делать?К вам пришла проверка. Что делать?
К вам пришла проверка. Что делать?Евгений Царев
 
Опыт подготовки к CRISC/цикл мастер-классов по программам сертификации ISACA
Опыт подготовки к CRISC/цикл мастер-классов по программам сертификации ISACAОпыт подготовки к CRISC/цикл мастер-классов по программам сертификации ISACA
Опыт подготовки к CRISC/цикл мастер-классов по программам сертификации ISACARISClubSPb
 
Опыт подготовки к CISA/цикл мастер-классов по программам сертификации ISACA
Опыт подготовки к CISA/цикл мастер-классов по программам сертификации ISACAОпыт подготовки к CISA/цикл мастер-классов по программам сертификации ISACA
Опыт подготовки к CISA/цикл мастер-классов по программам сертификации ISACARISClubSPb
 
Повышение осведомленности пользователей по вопросам ИБ/очный семинар RISC
Повышение осведомленности пользователей по вопросам  ИБ/очный семинар RISCПовышение осведомленности пользователей по вопросам  ИБ/очный семинар RISC
Повышение осведомленности пользователей по вопросам ИБ/очный семинар RISCRISClubSPb
 

Viewers also liked (20)

пр Модель зрелости Dlp
пр Модель зрелости Dlpпр Модель зрелости Dlp
пр Модель зрелости Dlp
 
Модель зрелости процесса (мониторинг и оценка ИБ)
Модель зрелости процесса (мониторинг и оценка ИБ) Модель зрелости процесса (мониторинг и оценка ИБ)
Модель зрелости процесса (мониторинг и оценка ИБ)
 
пр про SOC для ФСТЭК
пр про SOC для ФСТЭКпр про SOC для ФСТЭК
пр про SOC для ФСТЭК
 
пр Спроси эксперта про прогнозы ИБ
пр Спроси эксперта про прогнозы ИБпр Спроси эксперта про прогнозы ИБ
пр Спроси эксперта про прогнозы ИБ
 
Болевые точки корпоративной сети: взгляд не со стороны службы ИБ
Болевые точки корпоративной сети: взгляд не со стороны службы ИББолевые точки корпоративной сети: взгляд не со стороны службы ИБ
Болевые точки корпоративной сети: взгляд не со стороны службы ИБ
 
пр Куда идет ИБ в России? (региональные аспекты)
пр Куда идет ИБ в России? (региональные аспекты)пр Куда идет ИБ в России? (региональные аспекты)
пр Куда идет ИБ в России? (региональные аспекты)
 
пр Лицензия ТЗКИ на мониторинг Small
пр Лицензия ТЗКИ на мониторинг Smallпр Лицензия ТЗКИ на мониторинг Small
пр Лицензия ТЗКИ на мониторинг Small
 
Книга про измерения (ITSM)
Книга про измерения (ITSM)Книга про измерения (ITSM)
Книга про измерения (ITSM)
 
Анализ защищенности ПО и инфраструктур – подходы и результаты
Анализ защищенности ПО и инфраструктур – подходы и результатыАнализ защищенности ПО и инфраструктур – подходы и результаты
Анализ защищенности ПО и инфраструктур – подходы и результаты
 
пр Сколько зарабатывают специалисты по ИБ в России 2016
пр Сколько зарабатывают специалисты по ИБ в России 2016пр Сколько зарабатывают специалисты по ИБ в России 2016
пр Сколько зарабатывают специалисты по ИБ в России 2016
 
UEBA – поведенческий анализ, а не то, что Вы подумали
UEBA – поведенческий анализ, а не то, что Вы подумалиUEBA – поведенческий анализ, а не то, что Вы подумали
UEBA – поведенческий анализ, а не то, что Вы подумали
 
Проблемы безопасной разработки и поддержки импортных средств защиты информации
Проблемы безопасной разработки и поддержки импортных средств защиты информацииПроблемы безопасной разработки и поддержки импортных средств защиты информации
Проблемы безопасной разработки и поддержки импортных средств защиты информации
 
Fusing digital forensics, electronic discovery and incident response
Fusing digital forensics, electronic discovery and incident responseFusing digital forensics, electronic discovery and incident response
Fusing digital forensics, electronic discovery and incident response
 
К вам пришла проверка. Что делать?
К вам пришла проверка. Что делать?К вам пришла проверка. Что делать?
К вам пришла проверка. Что делать?
 
Опыт подготовки к CRISC/цикл мастер-классов по программам сертификации ISACA
Опыт подготовки к CRISC/цикл мастер-классов по программам сертификации ISACAОпыт подготовки к CRISC/цикл мастер-классов по программам сертификации ISACA
Опыт подготовки к CRISC/цикл мастер-классов по программам сертификации ISACA
 
Опыт подготовки к CISA/цикл мастер-классов по программам сертификации ISACA
Опыт подготовки к CISA/цикл мастер-классов по программам сертификации ISACAОпыт подготовки к CISA/цикл мастер-классов по программам сертификации ISACA
Опыт подготовки к CISA/цикл мастер-классов по программам сертификации ISACA
 
Повышение осведомленности пользователей по вопросам ИБ/очный семинар RISC
Повышение осведомленности пользователей по вопросам  ИБ/очный семинар RISCПовышение осведомленности пользователей по вопросам  ИБ/очный семинар RISC
Повышение осведомленности пользователей по вопросам ИБ/очный семинар RISC
 
Linux booting process
Linux booting processLinux booting process
Linux booting process
 
Disk
DiskDisk
Disk
 
mm CGEIT Best Practices and Concepts
mm CGEIT Best Practices and Conceptsmm CGEIT Best Practices and Concepts
mm CGEIT Best Practices and Concepts
 

Similar to Forensic imaging tools

computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolsN.Jagadish Kumar
 
Becoming a kinect hacker innovator v2
Becoming a kinect hacker innovator v2Becoming a kinect hacker innovator v2
Becoming a kinect hacker innovator v2Jeff Sipko
 
CSIA 310 Cybersecurity Processes & TechnologiesLab Activity #3.docx
CSIA 310 Cybersecurity Processes & TechnologiesLab Activity #3.docxCSIA 310 Cybersecurity Processes & TechnologiesLab Activity #3.docx
CSIA 310 Cybersecurity Processes & TechnologiesLab Activity #3.docxannettsparrow
 
Introduction to forensic imaging
Introduction to forensic imagingIntroduction to forensic imaging
Introduction to forensic imagingMarco Alamanni
 
Voice Assistance Based Remote Surveillance System
Voice Assistance Based Remote Surveillance SystemVoice Assistance Based Remote Surveillance System
Voice Assistance Based Remote Surveillance SystemIRJET Journal
 
Real Time Object Dectection using machine learning
Real Time Object Dectection using machine learningReal Time Object Dectection using machine learning
Real Time Object Dectection using machine learningpratik pratyay
 
Reproducibility in artificial intelligence
Reproducibility in artificial intelligenceReproducibility in artificial intelligence
Reproducibility in artificial intelligenceCarlos Toxtli
 
Picture Recovery Software:- Retrieves all lost and deleted digital Photos
Picture Recovery Software:- Retrieves all lost and deleted digital PhotosPicture Recovery Software:- Retrieves all lost and deleted digital Photos
Picture Recovery Software:- Retrieves all lost and deleted digital PhotosAlisa Smith
 
Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.guestcf6f5b
 
Digital Forensic tools - Application Specific
Digital Forensic tools - Application SpecificDigital Forensic tools - Application Specific
Digital Forensic tools - Application Specificideaflashed
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...CODE BLUE
 
Technical portfolio 15 opteng no backlink
Technical portfolio 15 opteng no backlinkTechnical portfolio 15 opteng no backlink
Technical portfolio 15 opteng no backlinkJames
 
Presentation for min project
Presentation for min projectPresentation for min project
Presentation for min projectaraya kiros
 
Sanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansSanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansPeter Clapham
 
Exploring Android Studio
Exploring Android StudioExploring Android Studio
Exploring Android StudioAkshay Chordiya
 

Similar to Forensic imaging tools (20)

computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
 
You suck at Memory Analysis
You suck at Memory AnalysisYou suck at Memory Analysis
You suck at Memory Analysis
 
Becoming a kinect hacker innovator v2
Becoming a kinect hacker innovator v2Becoming a kinect hacker innovator v2
Becoming a kinect hacker innovator v2
 
CSIA 310 Cybersecurity Processes & TechnologiesLab Activity #3.docx
CSIA 310 Cybersecurity Processes & TechnologiesLab Activity #3.docxCSIA 310 Cybersecurity Processes & TechnologiesLab Activity #3.docx
CSIA 310 Cybersecurity Processes & TechnologiesLab Activity #3.docx
 
Kinect
KinectKinect
Kinect
 
Kinect
KinectKinect
Kinect
 
Introduction to forensic imaging
Introduction to forensic imagingIntroduction to forensic imaging
Introduction to forensic imaging
 
Voice Assistance Based Remote Surveillance System
Voice Assistance Based Remote Surveillance SystemVoice Assistance Based Remote Surveillance System
Voice Assistance Based Remote Surveillance System
 
Real Time Object Dectection using machine learning
Real Time Object Dectection using machine learningReal Time Object Dectection using machine learning
Real Time Object Dectection using machine learning
 
Reproducibility in artificial intelligence
Reproducibility in artificial intelligenceReproducibility in artificial intelligence
Reproducibility in artificial intelligence
 
slide-171212080528.pptx
slide-171212080528.pptxslide-171212080528.pptx
slide-171212080528.pptx
 
Picture Recovery Software:- Retrieves all lost and deleted digital Photos
Picture Recovery Software:- Retrieves all lost and deleted digital PhotosPicture Recovery Software:- Retrieves all lost and deleted digital Photos
Picture Recovery Software:- Retrieves all lost and deleted digital Photos
 
Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.
 
Digital Forensic tools - Application Specific
Digital Forensic tools - Application SpecificDigital Forensic tools - Application Specific
Digital Forensic tools - Application Specific
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
 
Technical portfolio 15 opteng no backlink
Technical portfolio 15 opteng no backlinkTechnical portfolio 15 opteng no backlink
Technical portfolio 15 opteng no backlink
 
Presentation for min project
Presentation for min projectPresentation for min project
Presentation for min project
 
Flexible compute
Flexible computeFlexible compute
Flexible compute
 
Sanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansSanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticians
 
Exploring Android Studio
Exploring Android StudioExploring Android Studio
Exploring Android Studio
 

Recently uploaded

Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 

Recently uploaded (20)

Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 

Forensic imaging tools

  • 1. A high-level review of acquisition times for several popular imaging tools
  • 2. Background There has been a lot of anecdotal discussion regarding the relative performance of various popular acquisition tools. This document provides an overview of some research currently being undertaken. Once completed the full set of detailed results will be published.
  • 3. Tools Assessed  EnCase Forensic Imager v7.06  FTK Imager v3.1.2  Adepto v2.1 (Helix3)  EnCase LineN v6.12.0.21  IXImager v3  Raptor v2.5  X-Ways v17.1
  • 4. Speed Assessment Parameters Each of the acquisition tools used in this research was placed into one of two categories and measured for how quickly the tool could acquire a 160GB virtual drive. The categories were:  ‘Standalone’ – meaning the tool comes with its own bootable environment  ‘Dependant’ – meaning the tool itself is not part of a bootable environment and requires a third-party write-blocking device or bootable system. Within each category the tools were tested in the same virtual configuration. The default image type was selected together with the fastest compression (if available).
  • 5. ‘Standalone’ Acquisition Tool Environment VIRTUAL MACHINE (VirtualBox) VDI (VIRTUAL SOURCE DISK) VDI (VIRTUAL TARGET DISK) VIRTUAL BOOT CDROM ISO SATA SATA PHYSICAL DISK 1 PHYSICAL DISK 2 PHYSICAL DISK 3 SATA
  • 6. ‘Dependant’ Acquisition Tool Environment VIRTUAL MACHINE (VirtualBox) VDI (VIRTUAL SOURCE DISK) VDI (VIRTUAL TARGET DISK) SATA SATA PHYSICAL DISK 1 PHYSICAL DISK 2 SATA VDI (VIRTUAL SYSTEM DISK) WIN 7 SP1 PHYSICAL DISK 3
  • 7. Overall Results Tool Time to acquire 160GB Image Size Image type IXImager 17 mins 78.6 GB ASB Xways Forensic 27 mins 74.4 GB E01 FTKI 50 mins 68.3 GB E01 Adepto 56 mins 149 GB RAW EnCase Linen 63 mins 149 GB E01 Raptor 69 mins 68.3 GB E01 EnCase Forensic Imager 74 mins 68.6 GB E01
  • 8. Standalone Tool Results For tools that don’t require a write-blocker as part of the acquisition process Tool Time to acquire 160 GB Image size Image type IXImager 17 mins 78.6 GB ASB Adepto 56 mins 149 GB RAW EnCase LineN 1hr 03 mins 149 GB E01 Raptor 1hr 09 mins 68.3 GB E01
  • 9. Dependant Tool Results For tools that require a write-blocker as part of the acquisition process Tool Time to acquire 160 GB Image size Image type X-Ways Forensic 27 mins 74.4 GB E01 FTK Imager 50 mins 68.3GB E01 EnCase Forensic Imager 1hr 14 mins 68.6 GB E01
  • 10. Scalability Assessment The tools were grouped by their ability to accommodate being deployed in an environment containing multiple source devices. Two groups were identified:  Unrestricted  Restricted
  • 11. Unrestricted tools Tool Comment IXImager Unlimited number of concurrent acquisitions, one analysis licence required Raptor Unlimited number of concurrent acquisitions, no licence required EnCase LineN Unlimited number of concurrent acquisitions, no licence required Adepto Unlimited number of concurrent acquisitions, no licence required
  • 12. Restricted tools Tool Comment FTK Imager Requires write-blocker per concurrent acquisition EnCase Forensic Imager Requires write-blocker per concurrent acquisition X-Ways Requires write-blocker per concurrent acquisition, requires dongle per concurrent acquisition