With 2020.7, Atola TaskForce supports RAID imaging and provides a breakthrough configuration autodetection module for RAID 0, 1 and 5 with NTFS and ext4/3/2 file systems. More RAID types and file systems will be supported in the upcoming releases with RAID 10 coming by the end of 2020. Imaging RAID 5 array with an unknown configuration is effortless in TaskForce.

1. Start by clicking on the new RAID icon in the left-side Task Menu.

2. Next, select the devices that make up the RAID array and click Continue.

NB You can also use images of the individual drives from the RAID array by browsing and selecting images in the FILE subsection of the Select source device menu.

Next you see the RAID configuration screen. It consists of three parts: RAID configuration part at the top is where you see the selected devices or files. Underneath it, there is the RAID Partitions viewer, which allows a preview of partitions and files within them upon a successful RAID assembly. In the right-hand part of the screen, Autodetection module starts running as soon as the screen has been loaded and produces an output of RAID configuration suggestions.

NB Autodetection module reads data on all devices or images that make up the RAID to identify its configuration, namely: RAID type (level), start LBA, block size and block order. If these parameters are known, the operator can set them manually. Depending on the RAID type, its volume, and how metadata is distributed on the drives in the RAID, Autodetection can produce configuration suggestions within a period of 30 seconds to a few hours (when dealing with a RAID of 9+ drives). In some cases, Autodetection can produce several configuration suggestions, which can be applied one by one to find the exact match.

3. Click the Apply button to apply the configuration suggested by the Autodetection module.

If the suggested configuration matches the RAID native configuration, partitions of the RAID will be displayed and a preview of data within the partition will be enabled.

4. Click GO TO IMAGE button in the left bottom corner of the screen to adjust the imaging settings and define the target for the image.

5. Select the target for the imaging session. Both a local server and a target device in Storage mode can be used for imaging of a RAID array.

6. Click + CREATE FILE button and fill out the image details in the Create image file window and click Create.

7. In the Settings page, click the Change button and then the imaging pass settings.

8. Then, in Edit imaging pass window, you can select the individual partitions to be imaged if selective imaging is required and click Save.

9. Click the START button to proceed with imaging.

TaskForce will be imaging RAID 5 array or its partitions as configured in the imaging settings.

At the end of imaging, TaskForce will produce an Imaging completed report with all the details of the source drives, the RAID configuration, the target, the partition, the timestamps, etc.

Yulia Samoteykina
Latest posts by Yulia Samoteykina (see all)
Categories: Atola TaskForce

Yulia Samoteykina

Director of Marketing Yulia believes that with a product that is exceptionally good at solving tasks of forensic experts, marketing is all about explaining its capabilities to the users. She loves hanging around engineers and participating in product design.