Atola Blog

Reassembling RAID 5 array
Atola TaskForce

Imaging RAID 5 array with errors on multiple drives

When imaging RAID 5 array with errors on multiple drives, Atola TaskForce is still able to detect its parameters and image the whole RAID. Let’s examine a case with a RAID 5 consisting of 5 drives, two of which have bad sectors. Reassembling RAID 5 array with errors on multiple drives Click the RAID button in the left-side taskbar and select the drives that make up the RAID array.  TaskForce autodetection module starts running immediately upon selection of the RAID members. In Stage 1, TaskForce reads data on the drives to identify the RAID type. In case it runs across an error, it displays an Error tag next to the corresponding RAID Read more…

By Olga Milishenko, ago
Atola Insight Forensic

Atola Insight 4.17 with AFF4 support

Our dev team has decided to celebrate 2021 with a new software update. With this release, Atola Insight Forensic has become the first forensic hardware imager in the world that is able to image into AFF4 files! Here is why AFF4 support is so important. AFF4 imager So what’s the big deal about AFF4? This file format has several upsides: Open-source format: you can describe it in a court Fast compression methods: Snappy and LZ4 Block hashes It stores binary zeroes as spans (in a “sparse file” manner) Vendor-neutral Since our team is always focused on performance and AFF4 is a highly optimized file format, Insight’s imaging speed will be Read more…

By Vitaliy Mokosiy, ago
Calculating entropy during imaging
Atola TaskForce

The importance of ECC RAM in forensic imagers

When working with evidence drives, data integrity is critical. Using ECC RAM, which identifies and corrects common single-bit errors, would help dramatically improve data transfer reliability in digital forensic tools. Why use ECC memory Electrical, magnetic or even radioactive interference inside a system, may cause a single bit of DRAM (Dynamic Random-Access Memory) to flip to the opposite state, resulting in an error. While the single-bit error in an ordinary situation could be harmless or have a comparatively mild effect (like a wrongly colored pixel in a .jpeg file), in forensic imaging, it means that the whole image you get is compromised. Because the hash of the image won’t be Read more…

By Olga Milishenko, ago
Multiple imaging sessions
Atola TaskForce

How to benefit from the range of sources and targets in Atola TaskForce

How often are you faced with a case with multiple individual devices with different interfaces (HDDs, SSDs, NVMe, USB, etc.) or a whole RAID array? If all you have on your hands is one imager with no parallel imaging capacity, it can result in a prohibitive processing timeline. To help you tackle such cases, we equipped TaskForce with huge performance capacity, backed by server-class hardware: TaskForce handles 12+ parallel imaging sessions on its 18 ports. In this blog, we show how the range of sources and targets you can use for imaging. Atola TaskForce’s configurability: the range of source and targets The product has been designed with the configurability, flexibility, Read more…

By Olga Milishenko, ago
Atola TaskForce

Imaging RAID 0 array

TaskForce has a unique RAID configuration detection module. Furthermore, it is able to sustain multiple high-speed imaging sessions on its 18 ports. This makes it a perfect imager to perform reassembly of RAID with an unknown configuration and fast forensic imaging of such arrays. Here is how imaging RAID 0 array becomes an effortless job! Assembling a RAID 0 array To assemble RAID 0, follow these steps: Connect the drives that make up a RAID array to the TaskForce hardware unit. Most importantly, make sure to switch the ports to the Source mode; Click the RAID button in the left-side taskbar 3. Select the drives in Select source device panel and Read more…

By Olga Milishenko, ago
Imaging RAID 0
Atola TaskForce

Imaging RAID 5 array with Atola TaskForce

Atola supports RAID imaging and provides a breakthrough configuration autodetection module for RAID 0, 1 and 5 with NTFS and ext4/3/2 file systems. More RAID types and file systems will be supported in the upcoming releases with RAID 10 coming by the end of 2020. Here is how to make a RAID image from RAID 5 with an unknown configuration. The RAID array can be imaged as a whole only its individual partitions.

By Yulia Samoteykina, ago
Atola TaskForce

Forensic RAID rebuild in Atola TaskForce 2020.7

Today we are introducing the largest firmware update of Atola TaskForce ever – 2020.7. It adds a new facet to the product turning it into the first forensic hardware RAID imager in the world and forensic RAID rebuild effortless! I’d like to start by revealing the pain digital forensic experts have these days. Quotes of forensic examiners about RAID image acquisition: “How would one go about imaging a “RAID server” “I will normally use <data recovery tool> to reconstruct they RAID as I like their interface and the ability to manually select different RAID parameters.”  “I am looking for options to Image a RAID storage on a windows 10 computer” Read more…

By Vitaliy Mokosiy, ago