Friday, April 20, 2012

Comparison of Handheld Forensic Duplicators

Let me start by saying that I have been fortunate to have had the ability to try out a number of different duplicators in my career.  For this post I want to show some of the strengths and weaknesses of three of the duplicators that I currently use on a semi-regular basis.

The first I would like to discuss is the Talon Enhanced by Logicube.

The second I would like to discuss is the TD2 by Tableau.

The third and final is the Forensic Dossier also by Logicube.

The Talon Enhanced and the TD2 are very similar machines.  The Forensic Dossier has a few extra capabilities that I will discuss in the Dossier section (coming soon).  I will detail a couple of speed tests that I have done with the tools.  I will also list some strengths, weaknesses, and key differences between the tools.

All three tools report roughly the same transfer speeds.  It is my hope to document tests I have personally run using the same Hard Drives in each test.  This will show some differences that you can draw conclusions from yourselves.

The Talon Enhanced
Strengths:
  • Formats Destination FAT32 or NTFS
  • Will create two copies of the source (can copy simultaneously to two destinations)
  • Can act as a write-blocker via USB or eSATA for computer access
  • Stealth mode to hide what the Talon is currently doing
  • Will image to E01 (compressed and non-compressed) or DD (Raw) format.
  • Full QWERTY keyboard for inputting case information 
  • Touch Screen for easy navigation
Weaknesses:
  • (10/May/2012) As of release 1.1.1RC22 the Talon now logs the time of processes! 
  • Larger than the TD2, however with the first destination located inside, the desk space is about the same.
Key Differences from the TD2:
  • Source inputs from the top of the Talon and the Destination/s go inside or to the right.
  • Has NTFS Format Option
  • Allows examiner to plug the Talon into a computer via USB or eSATA and use as a write-blocker.
  • Options to wipe once (1) or DoD wipe which wipes seven (7) times.  TD2 offers one (1) wipe or three (3) wipes  
  • Gives options for compressed E01 and non-compressed E01
Speed Tests:
Source is a Samsung 64GB SSD 830 Series Model: MZ-7PC064 with 44.7 GB of data on it
Destination is a WD 500GB HDD Model: WD5000KS wiped previous to each image.

Speed Test 1:
Destination formatted FAT32, E01 option with compression, Hashed
Time to completion:    00:30:50
Size of Image:   44.7 GB

Speed Test 2:
Destination formatted FAT32, E01 option with no compression, Hashed
Time to completion:  00:31:36 (yes it took longer w/o compression)
Size of Image:    59.6 GB

Speed Test 3:
Destination formatted FAT32, DD, Hashed
Time to completion:   00:30:38
Size of Image:    59.6 GB

Speed Test 4:
Destination formatted NTFS, E01 option with compression, Hashed
Time to completion:    00:29:58
Size of Image:    44.7 GB

There are more options available for imaging but I believe that the above four (4) give a reasonable showing of the Talon's capabilities.

TD2
Strengths:
  • Size: the TD2 is smaller than the Talon.
  • Will create two copies of the source (can copy simultaneously to two destinations)
  • Will image to E01 compressed or DD (Raw) format.
  • Logs the time for an image to complete as well as the average speeds.  
  • All Tableau tools are updated using the same update utility.
  • Quick Start: allows the user to set up a common setup and use it as the first and only option
Weaknesses:
  • Does not format destinations as NTFS.  Tableau has said that an ExFAT option will be released later this year.
  • Only seven buttons that are used with up and down arrows for inputting case information.
  • In my tests the TD2 image time logs were off by about 30 seconds.  It recorded a time 30 seconds faster than the actual time on a 64GB source. 
Key Differences from the Talon Enhanced:
  • Source drive is placed on the left and destination is placed on the right
  • Options to wipe once (1) or three (3) times.  Talon Enhanced and Dossier offer one (1) wipe or DoD wipe which is seven (7) passes.

Speed Tests:
Source is a Samsung 64GB SSD 830 Series Model: MZ-7PC064 with 44.7 GB of data on it
Destination is a WD 500GB HDD Model: WD5000KS wiped previous to each image.

Speed Test 1:
Destination formatted FAT32, E01 option with compression, Hashed
Time to completion:   00:31:07
Size of Image:   44.5 GB

Speed Test 2:
Destination formatted FAT32, DD, Hashed
Time to completion:    00:32:35 (yes this is slower than an E01 w/compression)
Size of Image:    59.6 GB

Forensic Dossier:
Coming Soon...

www.h11dfs.com

~Hew

1 comment:

  1. The Forensic Quest is a feature-packed hand-held forensic data capture device perfect for in-the-field or in-the-lab hard drive data acquisition and verification. Speeds will vary depending on size and type of hard drive; it is a user-friendly touch screen.
