Development
The handheld hard disk duplicators in the international market can be roughly divided into two generations of products. The first-generation duplicator represented by SF-5000, SOLOII, and SolitaireTurbo can copy speeds up to 1.8GB/min. The second-generation hard disk duplicator represented by ForensicMD5, Sonix, and DD-212 has a copy speed of up to 3.3GB/min.
Classification
Of all kinds of handheld hard disk duplicators, they can be divided into two types: judicial special type and civilian type. The judicial special type is represented by ForensicMD5, SF-5000 and SOLOII. These devices use an accurate data verification mechanism to calculate the hash value of the suspect's hard disk and the evidence hard disk in real time to ensure that the suspect's hard disk data has not been changed and that the suspect's hard disk is exactly the same as the evidence hard disk. At present, the main verification methods are MD5 and CRC32. Based on this method, the copied hard disk can be recognized by some national laws as judicial evidence. However, due to the strict data verification mechanism, the hard disk copy speed of the judicial-specific duplicator is also affected by the data verification time. Take the MD5 duplicator as an example. When obtaining an 80GB hard disk, the copy speed reaches 3GB/min, which should be completed within 30 minutes. However, the final completion time is 55 minutes due to the additional time spent on data verification nearly doubled.
Civilian models are represented by Sonix, DD-212, SolitaireTurbo, and Echo. The outstanding features of these devices are fast speed, multiple functions, and flexible use. However, it cannot be used as a judicial forensics tool because it does not have an accurate data verification function. However, if there are no very strict requirements for accurate copy under some special conditions, then this type of equipment will be a very ideal copy tool. For example, using Solitaire Turbo to copy a Windows XP operating system can be completed in only 1 to 2 minutes, which is several times faster than software copying. Another example is the Sonix duplicator with direct hard disk copy, USB interface copy, SATA hard disk copy, PC-MCIA interface copy, two-way copy, smart copy, partition copy, hard disk management and other functions, the highest copy speed can reach 3.3GB/min, which is currently The most powerful and fastest copy device among all products.
Model
MD5 hard disk duplicator
MD5 hard disk duplicator is the latest computer hard disk forensics equipment designed by the American Logicube company according to the special needs of the judicial department. It went on the market in March 2004 and has now begun to be used in the judicial departments of various countries.
Compared with SF-5000, the speed of MD5 duplicator has been significantly improved. After actual testing, its maximum speed reaches 3GB/min. In the copy mode, MD5 has four modes: direct hard disk copy, USB interface copy, PCMCIA interface copy, and parallel port copy. Its unique dd mirror capture method supports data mirroring of the suspect's hard disk, and can directly use FTK and Encase for data analysis after successful acquisition. The dd image capture method can save multiple images of suspect hard disks in a large-capacity hard disk, which solves the problem of a large number of suspect hard disks but insufficient evidence hard disks. Equipped with CF card, pre-set keywords, and perform keyword search. Supports copying to other operating systems, such as Linux and Apple format hard drives. Due to the use of MD5 and CRC32 data checking mechanism, MD5 hard disk duplicator can ensure the accuracy of data bit alignment, and it is the most accurate and powerful professional computer forensics equipment.
Advantages: short startup time, high copy accuracy, fast speed, multiple methods, keyword search, USB read-only protection.
Insufficient: Compared with SF-5000, the copy speed is doubled, but the actual completion time is still longer.
Sonix Hard Disk Duplicator
Sonix is the latest civilian hard disk duplicator developed and released by Logicube in the United States. It was completed in June 2004. This hard disk duplicator has the characteristics of fast copying speed, wide adaptability, diverse functions, and compact size.
Sonix duplicator is currently the fastest copying product on the market, up to 3.3GB/min, and it only takes 30min to copy an 80GB hard drive. The copy mode supports direct hard disk copy, USB interface copy, PCM-CIA interface copy, parallel port copy, and all interfaces are designed inside the copy machine, no need to connect any additional accessories such as USB adapter, SATA adapter, etc., reducing the need to carry Equipment Quantity. In terms of data acquisition function, Sonix supports two-way copy mode, which can copy data from the inside to the outside, and copy data from the outside to the inside, increasing the flexibility of use, and quickly copying various brands, models, and capacities of 2.5in and 3.5inIDE, EIDE And Ultra-DMA hard disk. It has a selective copy partition function, allowing selective copying of the first and eighth partitions. It supports full sector-to-sector copy for all types of partitions, including support for Mac, Linux, Unix, and Sun. The Sonix copy machine has a smart copy function, which can skip the remaining space of the hard disk and only copy the data area to speed up the copying speed. During the copy process, the partition ratio can be adjusted automatically according to the target disk capacity. NTFS smart copy mode supports all NT-based file systems, such as Windows2000/XP.
In terms of use, Sonix has a unique hard disk management function, and its built-in master disk can be used and managed directly under the Windows environment. You can use the tool software in the Windows environment to adjust the partition and reformat the main disk; use the Windows Explorer to copy or delete the data in the main disk; delete and restore the data in the main disk; the data in the main disk Perform a backup or restore. Hard disk partitions from different sources can be combined into one hard disk, which can replace existing partitions or add partitions to different locations on the main disk.
Sonix; is a computer copy tool suitable for civilian use, but its 3.3GB/min copy speed and flexible use method are especially suitable for some special environments and special needs. Therefore, the device can be used as a computer forensics aid.
Advantages: Short startup time, fast copy speed, multiple copy methods, SATA hard disk, copy without additional accessories, two-way copy, disk management.
Insufficiency: The copy accuracy is slightly different from that of judicial professional equipment, and the improper use of two-way copying may cause accidental losses.
Huiquan DD212/D-port 128 hard disk duplicator
DD-212 and DD-128 are two different civilian hard disk duplicators developed and produced by Taiwan Huiquan Company. The main feature is the fast copy speed, measured at 2.8GB/min. The DD-212 duplicator can copy 2 IDE target hard disks at the same time. DD-128 supports swap copy of SCSI hard disk and IDE hard disk. Both duplicators support 5.25in, 3.5in, 2.5in IDE hard disks and SATA hard disks at the same time. DD-128 additionally adds support for SCSI I/II, Ultra-SCSI and SCA-SCSI hard disks.
Two copy machines are suitable for MS-DOS, IBM-DOS, 0S/2, NEC, WindowsNT/2000/XP, Windows95/98/ME, Macintosh, Unix/Xenix, Novell, Linux, FreeBSD Different operating systems such as format and non-FAT format. The copy mode adopts synchronous independent mode, and the hard disk formatting, copying, fast copying, comparison, verification, data erasing and other functions can be completed at the same time. Data copy, data comparison and verification functions can be performed separately. In terms of copy function, you can choose complete copy, fast copy, and partition copy.
Advantages: fast copy speed, easy to use, better handling of bad sectors, SCSI hard disk copy, 1 to 2 copy.
Insufficient: Large size, insufficient copy accuracy, and different definitions of hard disk power cords, and must not be used interchangeably with other manufacturers' hard disk power cords.
SF-5000 Hard Disk Duplicator
SF-5000 Hard Disk Duplicator is a judicial professional hard disk forensics equipment developed by the American Logicube Company. Although the MD5 duplicator will gradually replace the SF-5000 duplicator and become the mainstream product for judicial forensics in the future, due to its high cost performance, SF-5000 will continue to play an important role in the field of computer forensics in the world.
SF-5000 duplicator contains many functions of MD5 duplicator, but the copy speed is slower than that, only reaching 2GB/min. In addition, it does not have the keyword search function of MD5 duplicator, CF card slot and dd mirror copy mode. Its unique CRC32 check mechanism (software and hardware) can calculate the CRC32 check value of the suspect hard disk and the evidence hard disk at the same time, and output the report through the printer on site. SF-5000 duplicator can be used with USB write protection adapter, Desktop write protection adapter and CloneCard. It is a flexible, safe and reliable computer forensics device. At present, there are thousands of SF-5000 duplicators used by judicial departments all over the world. At home, it is also the most extensive weapon for judicial departments to combat computer crimes.
Advantages: short startup time, high copy accuracy, multiple copy methods, USB interface read-only protection, PCMCIA interface copy.
Insufficient: The copy completion time is slower than other devices.
ICSSolo2Forensics Hard Disk Duplicator
Solo2Forensics is a judicial-specific hard disk forensics equipment developed by the American ICS company. The copy speed from the suspect hard disk to the evidence hard disk can reach 1.8GB/min, with a CRC32 check mechanism to ensure the accuracy of the data bit alignment. As the company's Solo3 is still under development, no finished product has come out, but due to its high cost performance, Solo2 is still the main product promoted by ICS in the judicial departments of various countries.
Solo2 can quickly copy various IDE hard disks, and can copy SCSI hard disks with the PCMCIA SCSI adapter. Able to copy hard disks based on any operating system, such as DOS, Windows3. X, Windows95/98/2000, WindowsNT, OS/2, Macintosh, Unix, Novell, etc. It can be connected to a computer through a parallel port, adapting to the computer forensics problem that the hard disk cannot be removed. With the function of skipping bad sectors, it can speed up the copy completion time of the hard disk. With smart copy function, you can skip the blank area of the hard disk and only copy the data area. With hard disk data erasing function. With the Toshiba 1.8in hard drive adapter provided by ICS, it can directly copy 1.8in hard drives. Cooperating with various notebook computer hard disk adapter cards, you can directly use the duplicator to quickly copy without removing the special adapter card of the notebook computer.
Advantages: high copy accuracy, SCSI interface copy, bad sector skip, 1.8in hard disk copy, and many types of hard disk adapter cards.
Insufficient: The startup time is relatively long, and the flexibility is not enough.
SolitaireTurbo Hard Disk Duplicator
SolitaireTurbo is a civilian hard disk duplicator developed by Logicube of the United States, which can copy hard disk data at high speed, up to 1.8GB/min.
The main features of this device: support two-way copying, which can copy from the internal hard disk to the external port, or from the external port to the internal hard disk, which increases the flexibility of use; it has the intelligent copy function to copy a separate Windows XP system It takes less than 2 minutes, which is very suitable for daily system maintenance; it can be used with USBAdaptor and CloneCard to directly copy the computer hard disk without disassembling the hard disk. With USBAdaptor, it can be used as a USB hard disk box to directly view the hard disk data and perform hard disk maintenance.
Because the system defaults to copy from the internal to the external port, this is contrary to the use of all judicial-specific duplicators. Any operation error will overwrite the suspect's hard disk. Therefore, if you use this device, you must be cautious or cooperate with the hard disk. Write protection equipment in order to protect the suspect's hard disk data security.
Advantages: high copy speed, flexible use, smart copy, USB interface copy, USB hard disk management, CloneCard.
Insufficiency: Improper use of two-way copy may cause unexpected losses.
DriveCopy Hard Disk Duplicator
DriveCopy is a judicial-specific hard disk forensics device developed by the United States MyKey Company. The copy speed is about 1.5GB/min. The advantage of this device is simple and easy to use. Just connect the hard disk and turn on the power to automatically copy the suspect hard disk and evidence hard disk, and automatically prompt after the copy is over. The copy machine has a hard disk read-only function, which can protect the suspect’s hard disk data from being altered. The size of the entire copy machine is only the size of two hard disks, which effectively saves space. Because of its simple operation, it can be used by any non-professionals.
Advantages: Simple operation and read-only data.
Insufficient: no progress display.
Echo Hard Disk Duplicator
Echo is a civilian hard disk copy device developed by the American Logicube company, with a copy speed close to 900MB/min. Echo is currently the smallest hard disk copy device that can be seen in the domestic and foreign markets. Although the copy speed is relatively slow among all the copiers tested, it uses its default smart copy method to copy Windows98/ME/2000/ XP data files are still much faster than software methods, and are very effective for tasks such as system maintenance and hard disk data backup. Echo transfers data in one direction. The operation is very simple. It only needs to press a few buttons to copy the hard disk in smart copy or full disk copy mode as needed. At the same time, it can be used in conjunction with CloneCard, and data can be transmitted through the PCMCIA interface without disassembling the hard disk of the notebook computer.
As a simple and easy-to-use hard disk copy device, Echo's 1GB smart copy speed should be extremely cost-effective compared to a low price.
Advantages: Smallest size, simple operation, smart copy, CloneCard copy, copy speed and progress display.
Insufficient: The speed is low and there is no time to display.