FREE e-Newsletter
Important News - Hot Topics
Get them Now!

Cobalt Software Platform - Mark43
Mark43's Cobalt software platform unites a set of law enforcement tools securely...

No upcoming webinars scheduled

Departments : Computers & Software

Logicube Forensic MD5

Capturing cyber-crime evidence is a snap with this portable, handheld, easy-to-use device.

March 01, 2005  |  by Bob Davis

The Forensic MD5's operation software includes sample "keyword" lists, which can be used to conduct preliminary screening of a suspect drive. Presence of one or more of these keywords on a suspected drive could be the probable cause you'll need for a more in-depth search. Logicube supplies sample lists for terrorism, controlled substances, computer crimes, and hate groups. The lists are simple text files that can be edited by any plain text editor such as Microsoft's Notepad.

Also included in the Forensic MD5 kit are a variety of patch cables, including one long enough to capture a drive's image while it's still mounted in the suspect's PC. There's also a PCMCIA or PC card adapter for grabbing data from a notebook PC and a USB WritePROtect dongle that can be used to capture information via a computer's USB 1.1 or 2.0 ports.

Other components in the kit include a small flashlight, a screwdriver for opening computer casings, and a Canon portable inkjet printer for producing a hard copy record of your work. If you do run into a situation where info is stored on a more exotic space such as an iPod, CF card, or other device, Logicube sells specialized adapters.

The process for capturing an exact image of a suspect disk with the Forensic MD5 is actually quite easy. Once you've installed the proper cables, power up the unit and install the destination drive within the MD5 unit. Remember, the source drive-the suspect drive-always remains outside the unit. If you accidentally place the suspect hard drive into the Forensic MD5 unit, you will wipe out all the data on your suspect's hard disk, which is a really, really bad thing.

Indicator lights and an LCD display on the Forensic MD5 prompt you on what to do once you hook the machine up to a suspect disk. If you run into a problem, context-sensitive help can be accessed by pressing the "?" button.

Data can be cloned from a suspect drive in Native Capture and DD Image Capture modes. Native Capture images all data at the sector level and sends it to a dedicated destination drive. DD Image Capture creates a subdirectory for each drive captured with files that are easily accessible with other forensic software such as Encase and ILook.

Once you've selected your capture mode, scroll to "Capture" on the LCD display and press select. Choose any appropriate option such as Verify, On Error, or Speed, then press the Start/Stop button twice. After completing a CRC32 integrity scan of the destination drive, the unit will mirror or clone the data from the suspect to the new destination drive. The capture ends with a "Capture Successful" message on the display with the MD5 Hash value for both drives.

If you are looking for an easy and secure way to clone hard drives for forensic analysis, then look at Logicube's Forensic MD5 kit. It's a great tool for your cybercrime investigation arsenal.

Bob Davis supervises the San Diego Police Department's computer lab. He has 26 years of experience on the force.

«   Page 2 of 2   »

Request more info about this product / service / company

Be the first to comment on this story

POLICE Magazine does not tolerate comments that include profanity, personal attacks or antisocial behavior (such as "spamming" or "trolling"). This and other inappropriate content or material will be removed. We reserve the right to block any user who violates this, including removing all content posted by that user.
Police Magazine