Our dev team has decided to celebrate 2021 with a new software update. With this release, Atola Insight Forensic has become the first forensic hardware imager in the world that is able to image into AFF4 files! Here is why AFF4 support is so important.
AFF4 imager
So what’s the big deal about AFF4? This file format has several upsides:
- Open-source format: you can describe it in a court
- Fast compression methods: Snappy and LZ4
- Block hashes
- It stores binary zeroes as spans (in a “sparse file” manner)
- Vendor-neutral
Since our team is always focused on performance and AFF4 is a highly optimized file format, Insight’s imaging speed will be as impressive as ever!
Another thing worth mentioning is the rapid proliferation of this file format in the industry. Various forensic image analysis tools have already supported AFF4: Magnet Forensics AXIOM and AUTOMATE, X-Ways Forensics, Cellebrite Blacklight, AccessData FTK.
To learn more about AFF4, visit the official website: AFF4 -The Advanced Forensics File Format
Imaging report for an AFF4 image file
Note: AFF4 block hashes feature is not supported yet. It will be added in the next release. Until then, we recommend using segmented hashing.
Entropy calculation while imaging
The DiskSense hardware unit that we developed for Atola Insight is a powerful box. Not only does it calculate linear & segmented hashes in the course of imaging, it can also perform various data analyses without penalty on imaging performance. In the earlier versions of the software, we added file signatures & artifacts. Now it’s time to show the big picture of source drive data with an entropy map.
Entropy shows the degree of data randomness across the whole space of the source evidence drive. By opening the Entropy tab, you can overview the data distribution. The light pink color means a low entropy level close to 0%. Most likely, you have sectors filled with binary zeroes or a pattern there. Whereas the dark purple color indicates the maximum data randomness. Based on experience, it is a sign of:
- encrypted files or partitions
- compressed videos, photos, audio files
- compressed archive files
Imaging engine is calculating entropy on-the-fly
Changelog
New Features
AFF4 support
New imaging option: Calculate entropy. It enables data randomness analysis in the course of imaging.
Link to the new imaging Cheat sheet added to a few screens
If SATA target is limited via HPA at the start of imaging, a corresponding log message is added
Changed parameters of a new image file are saved and applied during the following imaging
Bugfixes
Blue screen on Windows 10 October update during Atola Insight installation process
Imaging. ‘Disabled read-look ahead’ option was not working
Minor UI bugfixes
Download
You can download the latest update here: Insight Forensic 4.17
Where to buy
If you still do not have an Atola Insight Forensic and would like to place an order, contact Atola Technology directly, or a distributor near you:
Please contact Atola Technology sales department to receive more specific information:
- Call us: +1 888 540-2010, +1 416 833-3501 10am – 6pm ET
- Or email us
P.S. Dear customers, we appreciate your feedback and take it into consideration when updating our products. Please feel free to write your thoughts and ideas in the comments section below.
He believes in saving time & energy of people doing mission-critical work. Therefore, all his efforts are focused on leading R&D of innovative Atola products.
Gamification enthusiast. Agile development proponent.
- Atola TaskForce 2023.4.2 stability update - August 7, 2023
- Wipe multiple drives in Atola Insight Forensic 5.2 - May 26, 2022
- Logical imaging in TaskForce 2022.4 - April 11, 2022
Vitaliy Mokosiy
Atola CTO He believes in saving time & energy of people doing mission-critical work. Therefore, all his efforts are focused on leading R&D of innovative Atola products. Gamification enthusiast. Agile development proponent.
