SlideShare a Scribd company logo
1 of 12
Download to read offline
A high-level review of acquisition times for several
popular imaging tools
Background
There has been a lot of anecdotal
discussion regarding the relative
performance of various popular acquisition
tools. This document provides an overview
of some research currently being
undertaken. Once completed the full set of
detailed results will be published.
Tools Assessed
 EnCase Forensic Imager v7.06
 FTK Imager v3.1.2
 Adepto v2.1 (Helix3)
 EnCase LineN v6.12.0.21
 IXImager v3
 Raptor v2.5
 X-Ways v17.1
Speed Assessment Parameters
Each of the acquisition tools used in this research was placed
into one of two categories and measured for how quickly the tool
could acquire a 160GB virtual drive. The categories were:
 ‘Standalone’ – meaning the tool comes with its own bootable
environment
 ‘Dependant’ – meaning the tool itself is not part of a bootable
environment and requires a third-party write-blocking device
or bootable system.
Within each category the tools were tested in the same virtual
configuration. The default image type was selected together with
the fastest compression (if available).
‘Standalone’ Acquisition Tool
Environment
VIRTUAL
MACHINE
(VirtualBox)
VDI
(VIRTUAL
SOURCE DISK)
VDI
(VIRTUAL
TARGET DISK)
VIRTUAL
BOOT
CDROM
ISO
SATA
SATA
PHYSICAL DISK 1
PHYSICAL DISK 2
PHYSICAL DISK
3
SATA
‘Dependant’ Acquisition Tool
Environment
VIRTUAL
MACHINE
(VirtualBox)
VDI
(VIRTUAL
SOURCE DISK)
VDI
(VIRTUAL
TARGET DISK)
SATA
SATA
PHYSICAL DISK 1
PHYSICAL DISK 2
SATA
VDI
(VIRTUAL SYSTEM
DISK)
WIN 7 SP1
PHYSICAL DISK 3
Overall Results
Tool Time to acquire 160GB Image
Size
Image
type
IXImager 17 mins 78.6 GB ASB
Xways Forensic 27 mins 74.4 GB E01
FTKI 50 mins 68.3 GB E01
Adepto 56 mins 149 GB RAW
EnCase Linen 63 mins 149 GB E01
Raptor 69 mins 68.3 GB E01
EnCase Forensic Imager 74 mins 68.6 GB E01
Standalone Tool Results
For tools that don’t require a write-blocker as part of
the acquisition process
Tool Time to acquire 160 GB Image size Image
type
IXImager 17 mins 78.6 GB ASB
Adepto 56 mins 149 GB RAW
EnCase LineN 1hr 03 mins 149 GB E01
Raptor 1hr 09 mins 68.3 GB E01
Dependant Tool Results
For tools that require a write-blocker as part of
the acquisition process
Tool Time to acquire 160 GB Image
size
Image type
X-Ways Forensic 27 mins 74.4 GB E01
FTK Imager 50 mins 68.3GB E01
EnCase Forensic Imager 1hr 14 mins 68.6 GB E01
Scalability Assessment
The tools were grouped by their ability to
accommodate being deployed in an
environment containing multiple source
devices. Two groups were identified:
 Unrestricted
 Restricted
Unrestricted tools
Tool Comment
IXImager Unlimited number of concurrent
acquisitions, one analysis licence
required
Raptor Unlimited number of concurrent
acquisitions, no licence required
EnCase LineN Unlimited number of concurrent
acquisitions, no licence required
Adepto Unlimited number of concurrent
acquisitions, no licence required
Restricted tools
Tool Comment
FTK Imager Requires write-blocker per concurrent
acquisition
EnCase Forensic Imager Requires write-blocker per concurrent
acquisition
X-Ways Requires write-blocker per concurrent
acquisition, requires dongle per
concurrent acquisition

More Related Content

What's hot

Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 
Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsN.Jagadish Kumar
 
Network Forensics Intro
Network Forensics IntroNetwork Forensics Intro
Network Forensics IntroJake K.
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Sagar Rahurkar
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidenceOnline
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsFilip Maertens
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsSCREAM138
 
Accessing Forensic Images
Accessing Forensic ImagesAccessing Forensic Images
Accessing Forensic ImagesCTIN
 

What's hot (20)

Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensics
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic tools
 
Forensic imaging
Forensic imagingForensic imaging
Forensic imaging
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensics
 
Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection tools
 
Network Forensics Intro
Network Forensics IntroNetwork Forensics Intro
Network Forensics Intro
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
 
Linux forensics
Linux forensicsLinux forensics
Linux forensics
 
Incident response process
Incident response processIncident response process
Incident response process
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic Investigations
 
Incident response
Incident responseIncident response
Incident response
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Autopsy Digital forensics tool
Autopsy Digital forensics toolAutopsy Digital forensics tool
Autopsy Digital forensics tool
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Accessing Forensic Images
Accessing Forensic ImagesAccessing Forensic Images
Accessing Forensic Images
 

Viewers also liked

Модель зрелости процесса (мониторинг и оценка ИБ)
Модель зрелости процесса (мониторинг и оценка ИБ) Модель зрелости процесса (мониторинг и оценка ИБ)
Модель зрелости процесса (мониторинг и оценка ИБ) Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Болевые точки корпоративной сети: взгляд не со стороны службы ИБ
Болевые точки корпоративной сети: взгляд не со стороны службы ИББолевые точки корпоративной сети: взгляд не со стороны службы ИБ
Болевые точки корпоративной сети: взгляд не со стороны службы ИБAleksey Lukatskiy
 
пр Куда идет ИБ в России? (региональные аспекты)
пр Куда идет ИБ в России? (региональные аспекты)пр Куда идет ИБ в России? (региональные аспекты)
пр Куда идет ИБ в России? (региональные аспекты)Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Анализ защищенности ПО и инфраструктур – подходы и результаты
Анализ защищенности ПО и инфраструктур – подходы и результатыАнализ защищенности ПО и инфраструктур – подходы и результаты
Анализ защищенности ПО и инфраструктур – подходы и результатыAdvanced monitoring
 
пр Сколько зарабатывают специалисты по ИБ в России 2016
пр Сколько зарабатывают специалисты по ИБ в России 2016пр Сколько зарабатывают специалисты по ИБ в России 2016
пр Сколько зарабатывают специалисты по ИБ в России 2016Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
UEBA – поведенческий анализ, а не то, что Вы подумали
UEBA – поведенческий анализ, а не то, что Вы подумалиUEBA – поведенческий анализ, а не то, что Вы подумали
UEBA – поведенческий анализ, а не то, что Вы подумалиAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Проблемы безопасной разработки и поддержки импортных средств защиты информации
Проблемы безопасной разработки и поддержки импортных средств защиты информацииПроблемы безопасной разработки и поддержки импортных средств защиты информации
Проблемы безопасной разработки и поддержки импортных средств защиты информацииAleksey Lukatskiy
 
Fusing digital forensics, electronic discovery and incident response
Fusing digital forensics, electronic discovery and incident responseFusing digital forensics, electronic discovery and incident response
Fusing digital forensics, electronic discovery and incident responseDr. Richard Adams
 
К вам пришла проверка. Что делать?
К вам пришла проверка. Что делать?К вам пришла проверка. Что делать?
К вам пришла проверка. Что делать?Евгений Царев
 
Опыт подготовки к CRISC/цикл мастер-классов по программам сертификации ISACA
Опыт подготовки к CRISC/цикл мастер-классов по программам сертификации ISACAОпыт подготовки к CRISC/цикл мастер-классов по программам сертификации ISACA
Опыт подготовки к CRISC/цикл мастер-классов по программам сертификации ISACARISClubSPb
 
Опыт подготовки к CISA/цикл мастер-классов по программам сертификации ISACA
Опыт подготовки к CISA/цикл мастер-классов по программам сертификации ISACAОпыт подготовки к CISA/цикл мастер-классов по программам сертификации ISACA
Опыт подготовки к CISA/цикл мастер-классов по программам сертификации ISACARISClubSPb
 
Повышение осведомленности пользователей по вопросам ИБ/очный семинар RISC
Повышение осведомленности пользователей по вопросам  ИБ/очный семинар RISCПовышение осведомленности пользователей по вопросам  ИБ/очный семинар RISC
Повышение осведомленности пользователей по вопросам ИБ/очный семинар RISCRISClubSPb
 

Viewers also liked (20)

пр Модель зрелости Dlp
пр Модель зрелости Dlpпр Модель зрелости Dlp
пр Модель зрелости Dlp
 
Модель зрелости процесса (мониторинг и оценка ИБ)
Модель зрелости процесса (мониторинг и оценка ИБ) Модель зрелости процесса (мониторинг и оценка ИБ)
Модель зрелости процесса (мониторинг и оценка ИБ)
 
пр про SOC для ФСТЭК
пр про SOC для ФСТЭКпр про SOC для ФСТЭК
пр про SOC для ФСТЭК
 
пр Спроси эксперта про прогнозы ИБ
пр Спроси эксперта про прогнозы ИБпр Спроси эксперта про прогнозы ИБ
пр Спроси эксперта про прогнозы ИБ
 
Болевые точки корпоративной сети: взгляд не со стороны службы ИБ
Болевые точки корпоративной сети: взгляд не со стороны службы ИББолевые точки корпоративной сети: взгляд не со стороны службы ИБ
Болевые точки корпоративной сети: взгляд не со стороны службы ИБ
 
пр Куда идет ИБ в России? (региональные аспекты)
пр Куда идет ИБ в России? (региональные аспекты)пр Куда идет ИБ в России? (региональные аспекты)
пр Куда идет ИБ в России? (региональные аспекты)
 
пр Лицензия ТЗКИ на мониторинг Small
пр Лицензия ТЗКИ на мониторинг Smallпр Лицензия ТЗКИ на мониторинг Small
пр Лицензия ТЗКИ на мониторинг Small
 
Книга про измерения (ITSM)
Книга про измерения (ITSM)Книга про измерения (ITSM)
Книга про измерения (ITSM)
 
Анализ защищенности ПО и инфраструктур – подходы и результаты
Анализ защищенности ПО и инфраструктур – подходы и результатыАнализ защищенности ПО и инфраструктур – подходы и результаты
Анализ защищенности ПО и инфраструктур – подходы и результаты
 
пр Сколько зарабатывают специалисты по ИБ в России 2016
пр Сколько зарабатывают специалисты по ИБ в России 2016пр Сколько зарабатывают специалисты по ИБ в России 2016
пр Сколько зарабатывают специалисты по ИБ в России 2016
 
UEBA – поведенческий анализ, а не то, что Вы подумали
UEBA – поведенческий анализ, а не то, что Вы подумалиUEBA – поведенческий анализ, а не то, что Вы подумали
UEBA – поведенческий анализ, а не то, что Вы подумали
 
Проблемы безопасной разработки и поддержки импортных средств защиты информации
Проблемы безопасной разработки и поддержки импортных средств защиты информацииПроблемы безопасной разработки и поддержки импортных средств защиты информации
Проблемы безопасной разработки и поддержки импортных средств защиты информации
 
Fusing digital forensics, electronic discovery and incident response
Fusing digital forensics, electronic discovery and incident responseFusing digital forensics, electronic discovery and incident response
Fusing digital forensics, electronic discovery and incident response
 
К вам пришла проверка. Что делать?
К вам пришла проверка. Что делать?К вам пришла проверка. Что делать?
К вам пришла проверка. Что делать?
 
Опыт подготовки к CRISC/цикл мастер-классов по программам сертификации ISACA
Опыт подготовки к CRISC/цикл мастер-классов по программам сертификации ISACAОпыт подготовки к CRISC/цикл мастер-классов по программам сертификации ISACA
Опыт подготовки к CRISC/цикл мастер-классов по программам сертификации ISACA
 
Опыт подготовки к CISA/цикл мастер-классов по программам сертификации ISACA
Опыт подготовки к CISA/цикл мастер-классов по программам сертификации ISACAОпыт подготовки к CISA/цикл мастер-классов по программам сертификации ISACA
Опыт подготовки к CISA/цикл мастер-классов по программам сертификации ISACA
 
Повышение осведомленности пользователей по вопросам ИБ/очный семинар RISC
Повышение осведомленности пользователей по вопросам  ИБ/очный семинар RISCПовышение осведомленности пользователей по вопросам  ИБ/очный семинар RISC
Повышение осведомленности пользователей по вопросам ИБ/очный семинар RISC
 
Linux booting process
Linux booting processLinux booting process
Linux booting process
 
Disk
DiskDisk
Disk
 
mm CGEIT Best Practices and Concepts
mm CGEIT Best Practices and Conceptsmm CGEIT Best Practices and Concepts
mm CGEIT Best Practices and Concepts
 

Similar to Forensic imaging tools

computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolsN.Jagadish Kumar
 
Becoming a kinect hacker innovator v2
Becoming a kinect hacker innovator v2Becoming a kinect hacker innovator v2
Becoming a kinect hacker innovator v2Jeff Sipko
 
Voice Assistance Based Remote Surveillance System
Voice Assistance Based Remote Surveillance SystemVoice Assistance Based Remote Surveillance System
Voice Assistance Based Remote Surveillance SystemIRJET Journal
 
Real Time Object Dectection using machine learning
Real Time Object Dectection using machine learningReal Time Object Dectection using machine learning
Real Time Object Dectection using machine learningpratik pratyay
 
Reproducibility in artificial intelligence
Reproducibility in artificial intelligenceReproducibility in artificial intelligence
Reproducibility in artificial intelligenceCarlos Toxtli
 
Picture Recovery Software:- Retrieves all lost and deleted digital Photos
Picture Recovery Software:- Retrieves all lost and deleted digital PhotosPicture Recovery Software:- Retrieves all lost and deleted digital Photos
Picture Recovery Software:- Retrieves all lost and deleted digital PhotosAlisa Smith
 
Digital Forensic tools - Application Specific
Digital Forensic tools - Application SpecificDigital Forensic tools - Application Specific
Digital Forensic tools - Application Specificideaflashed
 
Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.guestcf6f5b
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...CODE BLUE
 
Technical portfolio 15 opteng no backlink
Technical portfolio 15 opteng no backlinkTechnical portfolio 15 opteng no backlink
Technical portfolio 15 opteng no backlinkJames
 
Presentation for min project
Presentation for min projectPresentation for min project
Presentation for min projectaraya kiros
 
Sanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansSanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansPeter Clapham
 
Exploring Android Studio
Exploring Android StudioExploring Android Studio
Exploring Android StudioAkshay Chordiya
 
Feature Based Opinion Mining from Amazon Reviews
Feature Based Opinion Mining from Amazon ReviewsFeature Based Opinion Mining from Amazon Reviews
Feature Based Opinion Mining from Amazon ReviewsRavi Kiran Holur Vijay
 

Similar to Forensic imaging tools (20)

computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
 
You suck at Memory Analysis
You suck at Memory AnalysisYou suck at Memory Analysis
You suck at Memory Analysis
 
Becoming a kinect hacker innovator v2
Becoming a kinect hacker innovator v2Becoming a kinect hacker innovator v2
Becoming a kinect hacker innovator v2
 
Kinect
KinectKinect
Kinect
 
Kinect
KinectKinect
Kinect
 
Voice Assistance Based Remote Surveillance System
Voice Assistance Based Remote Surveillance SystemVoice Assistance Based Remote Surveillance System
Voice Assistance Based Remote Surveillance System
 
Real Time Object Dectection using machine learning
Real Time Object Dectection using machine learningReal Time Object Dectection using machine learning
Real Time Object Dectection using machine learning
 
Reproducibility in artificial intelligence
Reproducibility in artificial intelligenceReproducibility in artificial intelligence
Reproducibility in artificial intelligence
 
slide-171212080528.pptx
slide-171212080528.pptxslide-171212080528.pptx
slide-171212080528.pptx
 
Picture Recovery Software:- Retrieves all lost and deleted digital Photos
Picture Recovery Software:- Retrieves all lost and deleted digital PhotosPicture Recovery Software:- Retrieves all lost and deleted digital Photos
Picture Recovery Software:- Retrieves all lost and deleted digital Photos
 
Digital Forensic tools - Application Specific
Digital Forensic tools - Application SpecificDigital Forensic tools - Application Specific
Digital Forensic tools - Application Specific
 
Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
 
Technical portfolio 15 opteng no backlink
Technical portfolio 15 opteng no backlinkTechnical portfolio 15 opteng no backlink
Technical portfolio 15 opteng no backlink
 
Presentation for min project
Presentation for min projectPresentation for min project
Presentation for min project
 
Sanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansSanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticians
 
Flexible compute
Flexible computeFlexible compute
Flexible compute
 
Exploring Android Studio
Exploring Android StudioExploring Android Studio
Exploring Android Studio
 
Feature Based Opinion Mining from Amazon Reviews
Feature Based Opinion Mining from Amazon ReviewsFeature Based Opinion Mining from Amazon Reviews
Feature Based Opinion Mining from Amazon Reviews
 
Kinect Lab Pt.
Kinect Lab Pt.Kinect Lab Pt.
Kinect Lab Pt.
 

Recently uploaded

Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 

Recently uploaded (20)

Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 

Forensic imaging tools

  • 1. A high-level review of acquisition times for several popular imaging tools
  • 2. Background There has been a lot of anecdotal discussion regarding the relative performance of various popular acquisition tools. This document provides an overview of some research currently being undertaken. Once completed the full set of detailed results will be published.
  • 3. Tools Assessed  EnCase Forensic Imager v7.06  FTK Imager v3.1.2  Adepto v2.1 (Helix3)  EnCase LineN v6.12.0.21  IXImager v3  Raptor v2.5  X-Ways v17.1
  • 4. Speed Assessment Parameters Each of the acquisition tools used in this research was placed into one of two categories and measured for how quickly the tool could acquire a 160GB virtual drive. The categories were:  ‘Standalone’ – meaning the tool comes with its own bootable environment  ‘Dependant’ – meaning the tool itself is not part of a bootable environment and requires a third-party write-blocking device or bootable system. Within each category the tools were tested in the same virtual configuration. The default image type was selected together with the fastest compression (if available).
  • 5. ‘Standalone’ Acquisition Tool Environment VIRTUAL MACHINE (VirtualBox) VDI (VIRTUAL SOURCE DISK) VDI (VIRTUAL TARGET DISK) VIRTUAL BOOT CDROM ISO SATA SATA PHYSICAL DISK 1 PHYSICAL DISK 2 PHYSICAL DISK 3 SATA
  • 6. ‘Dependant’ Acquisition Tool Environment VIRTUAL MACHINE (VirtualBox) VDI (VIRTUAL SOURCE DISK) VDI (VIRTUAL TARGET DISK) SATA SATA PHYSICAL DISK 1 PHYSICAL DISK 2 SATA VDI (VIRTUAL SYSTEM DISK) WIN 7 SP1 PHYSICAL DISK 3
  • 7. Overall Results Tool Time to acquire 160GB Image Size Image type IXImager 17 mins 78.6 GB ASB Xways Forensic 27 mins 74.4 GB E01 FTKI 50 mins 68.3 GB E01 Adepto 56 mins 149 GB RAW EnCase Linen 63 mins 149 GB E01 Raptor 69 mins 68.3 GB E01 EnCase Forensic Imager 74 mins 68.6 GB E01
  • 8. Standalone Tool Results For tools that don’t require a write-blocker as part of the acquisition process Tool Time to acquire 160 GB Image size Image type IXImager 17 mins 78.6 GB ASB Adepto 56 mins 149 GB RAW EnCase LineN 1hr 03 mins 149 GB E01 Raptor 1hr 09 mins 68.3 GB E01
  • 9. Dependant Tool Results For tools that require a write-blocker as part of the acquisition process Tool Time to acquire 160 GB Image size Image type X-Ways Forensic 27 mins 74.4 GB E01 FTK Imager 50 mins 68.3GB E01 EnCase Forensic Imager 1hr 14 mins 68.6 GB E01
  • 10. Scalability Assessment The tools were grouped by their ability to accommodate being deployed in an environment containing multiple source devices. Two groups were identified:  Unrestricted  Restricted
  • 11. Unrestricted tools Tool Comment IXImager Unlimited number of concurrent acquisitions, one analysis licence required Raptor Unlimited number of concurrent acquisitions, no licence required EnCase LineN Unlimited number of concurrent acquisitions, no licence required Adepto Unlimited number of concurrent acquisitions, no licence required
  • 12. Restricted tools Tool Comment FTK Imager Requires write-blocker per concurrent acquisition EnCase Forensic Imager Requires write-blocker per concurrent acquisition X-Ways Requires write-blocker per concurrent acquisition, requires dongle per concurrent acquisition