Atola Blog

While physical imaging involves sector-for-sector copying the whole evidence drive from the first LBA to the last one, logical acquisition implies bit-for-bit copying of the file structure. Logical acquisition is handy, when time is limited and you need to quickly start working with the file structure. At the same time, logical image does not include remaining fragments of previously deleted files, which makes this imaging method incomplete. On top of that, hash values of the source and the target will not be identical. Therefore, for profound investigation, it is still preferable to use a physical image. This guide will show how Atola Insight Forensic’s flexible imaging functionality enables users to Read more…

Atola team attended the annual Forensic Europe Expo on May 3 – 4 in London. We were pleased to meet both our existing and potential customers, and answer their questions about Atola Insight Forensic. Those of you who were not able to attend this event may have similar questions, so here are the most frequently asked ones at the Expo and our answers to them. We would be happy to answer any further queries you may have, so please don’t hesitate to write a comment below or send us a message here.   Question: Does write protection work for SATA source drives only? Answer: No, write protection works for all source Read more…

[Update 2022] Atola keeps developing Atola Insight Forensic, forensic data recovery tool that is capable of Seagate password removal via COM port. Insight can recover and/or remove unknown HDD passwords (also known as ATA passwords) and for most hard drives the unlocking process is fully automated. When a device is connected and identified as locked with an ATA password, there is a corresponding PWD indicator displayed in the port, and Security Status in the Home page says Locked, High or Locked, Maximum. High and maximum are password protection levels that the operator who locked the device selected. Although information about it may be relevant to the investigator, both security levels are Read more…

Atola Insight Forensic supports hash calculation of both source and target devices in conjunction with imaging. We have developed highly flexible functionality to help optimize evidence acquisition process to fit one’s internal procedures as well as avoid causing further damage to fragile media. To view the hashing options: Go to Imaging category of the left-side menu and click on Create New Session link Select the target device or file In Preset line click on the Show settings link In the upper part of the Passes and Hash tab there are three checkboxes: Pre-hash source device Hash source during imaging Post-hash target device(s) Multiselect is available, which allows an operator to Read more…

Recently, we received an email from a long-standing client. The drive he was imaging contained a large number of errors. We would like to use this screenshot of a real-case imaging process to illustrate how well Atola Insight Forensic handles imaging hard drives in such dire state. In the screenshot the numbers show that despite encountering over 1100 errors, Insight has already imaged 605 million sectors out of 1,745 million sectors it has attempted to image in this first pass. The speed may seem low, but Insight is actually able to read it, while most other imagers will likely be unable to even identify such device. Second, in this screenshot we Read more…