Atola Blog

Insight’s case management system has been created to help users efficiently keep track of hard drive-related information. Even if a hard drive has already been used for a while, imaging and hashing have already been performed, it is still possible to open the case and make adjustments to its details. Click the Plus icon next to the Case Number in the top right corner. Now you can enter or change the Case Number and Description. To save your changes click OK button. You will see the description visible next to the Case History. For quick changes, you can also click Change link located right below the description. A little lower Read more…

We are delighted to announce the release of Atola Insight Forensic 4.9! With this release we introduce our new Thunderbolt extension module, which will enable forensically sound imaging and other operations on all generations of MacBooks. The full list of Atola Insight Forensic 4.9 changes can be found here: Atola Insight Forensic Changelog. Supported interfaces and functionality Thunderbolt extension enables Insight to work on all MacBooks with the following interfaces: FireWire Thunderbolt 2 Thunderbolt 3 (2016 – 2017 models) With the help of Thunderbolt extension module you can perform such operations: imaging hash calculation hash verification comparing media scan file recovery 2016 and 2017 generations of MacBooks have non-extractable SSD Read more…

Insight’s Case Management system includes flexible printing functionality. To print a report click the Print link in the case’s Home page. In the Print Case History window you get all the reports listed, sortable by date or by reported operation. It is possible to tick just some of the reports or select all reports in the case by ticking the check box in the header of the list. Below there are all pictures attached to the case, which you can also select to be printed. At the top of the Print Case History window there are four check boxes with report listing and printing settings (click on the Case Management Read more…

While physical imaging involves sector-for-sector copying the whole evidence drive from the first LBA to the last one, logical acquisition implies bit-for-bit copying of the file structure. Logical acquisition is handy, when time is limited and you need to quickly start working with the file structure. At the same time, logical image does not include remaining fragments of previously deleted files, which makes this imaging method incomplete. On top of that, hash values of the source and the target will not be identical. Therefore, for profound investigation, it is still preferable to use a physical image. This guide will show how Atola Insight Forensic’s flexible imaging functionality enables users to Read more…

Atola team attended the annual Forensic Europe Expo on May 3 – 4 in London. We were pleased to meet both our existing and potential customers, and answer their questions about Atola Insight Forensic. Those of you who were not able to attend this event may have similar questions, so here are the most frequently asked ones at the Expo and our answers to them. We would be happy to answer any further queries you may have, so please don’t hesitate to write a comment below or send us a message here.   Question: Does write protection work for SATA source drives only? Answer: No, write protection works for all source Read more…