We strongly believe that the digital forensic world needs faster solutions to save your precious time, tackle routine tasks easily, and focus on what matters most. That’s why we have been continuously improving Atola TaskForce’s imaging engine to provide our users with:

  • up to 18 simultaneous imaging sessions
  • the optimal speed of an imaging session

The next big thing to save your time is automation. Complete more tasks in fewer clicks!

The Atola team is proud to release TaskForce firmware update 2019.7, which introduces a Web API. It is built into TaskForce. We made the Web API available to the public for information purposes: https://atola.com/products/taskforce/api

TaskForce Web API will optimize your workflow in many ways. Let’s have a look at the examples below.

How to use Web API in a browser

The Web API is extremely handy: you can use it in scripts, via CLI tools like curl, or simply by typing commands in the browser address bar.

1. Start imaging a source drive plugged into the TaskForce SATA 4 port.

2. Track the imaging session status using the task key received in response to the command above.

Here is what it looks like in action:

TaskForce Web API in action

Instantly start imaging all source drives

Imagine you have 12 TaskForce ports switched to Source mode and source drives plugged into them. Firmware version 2019.7 enables you to instantly launch 12 imaging sessions with the power of Web API.

The Python script below uses the /start-image API request and prints the task keys of all started imaging sessions.

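import sys
if sys.version_info[0] < 3:
    raise Exception("Please use Python 3 to run this script")

import urllib.error
import urllib.request

# TaskForce ports switched to Source mode
ports = ["SATA1", "SATA2", "SATA3", "SATA4", "SATA5", "SATA6", "SAS1", "SAS2", "SAS3", "SAS4", "SAS5", "SAS6"]
tasks = []   # task keys of the imaging sessions that started
errors = {}  # port -> error body returned by TaskForce

for port in ports:
    try:
        res = urllib.request.urlopen("http://10.0.0.4/api/start-image?source=%s&targetFolder=//Vitaliy/Share" % (port))
        tasks.append(res.read().decode('utf-8'))
    except urllib.error.HTTPError as e:
        errors[port] = e.read().decode('utf-8', errors='replace')

print("IDs of started imaging tasks:")
print('\n'.join(tasks))

# Report the ports where imaging did not start instead of dropping the errors
for port, message in errors.items():
    print("Failed to start imaging on %s: %s" % (port, message))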

Automatic forensic analysis upon imaging completion

With TaskForce, you can track the status of the started imaging sessions using the /check-task API request. It reports the imaging progress, enabling you (or your code) to notice when the task is completed. Once this notification is received, it makes perfect sense to automatically start the forensic analysis of the target image. The PowerShell script below shows how to create this kind of automation flow:

  1. Start imaging a source drive on TaskForce SATA port 4 to the target folder \\Vitaliy\Share
  2. Wait for imaging completion using /check-task
  3. Launch Autopsy Ingest via command-line when the target image is ready

# Step 1: start imaging; on an HTTP error print the message and exit with the status code
try {
    $r = Invoke-WebRequest "http://10.0.0.65/api/start-image?source=SATA4&targetFolder=\\Vitaliy\Share"
}
catch {
    Write-Output "$($_.Exception.Message)"
    exit $_.Exception.Response.StatusCode
}

# Step 2: the response body is the task key; poll /check-task once per second
$taskKey = $r.Content
do {
    $check = (Invoke-WebRequest "http://10.0.0.65/api/check-task?taskKey=$taskKey").Content | ConvertFrom-Json
    Start-Sleep -s 1
} while ($check.state -eq "progress")
# The loop ends on any state other than "progress", so inspect $check.state before relying on the image

# Step 3: map the reported target file to the local folder behind the share and start Autopsy
$windowsPath = "C:\Share\" + ($check.target -replace '[\/]', '\' | Split-Path -leaf)
$caseName = "Case123"
$autopsyArguments = '--inputPath="' + $windowsPath + '" --caseName=' + $caseName + ' --runFromCommandLine=true'
Start-Process -FilePath "C:\Program Files\Autopsy-4.11.0\bin\autopsy64.exe" -ArgumentList $autopsyArguments

NB. Autopsy Ingest v4.11 does not work with network file paths from the command line. That’s why this example uses a shared folder located on the PC where the PowerShell script is executed: \\Vitaliy\Share points to the C:\Share folder.
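Combining the two scripts above, the following added Python example (not Atola's code) polls /check-task for several task keys and stops at a timeout instead of looping forever. Only the state and target fields and the "progress" value come from the scripts above; the function names, the interval and timeout defaults, and the injectable check/sleep/clock parameters are assumptions made for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

BASE_URL = "http://10.0.0.4/api"  # TaskForce address used in the Python script above


def http_check(task_key):
    """Query /check-task for one task key and return the decoded JSON object."""
    query = urllib.parse.urlencode({"taskKey": task_key})
    url = "%s/check-task?%s" % (BASE_URL, query)
    with urllib.request.urlopen(url, timeout=10) as res:
        return json.loads(res.read().decode("utf-8"))


def wait_for_tasks(task_keys, check=http_check, interval=5.0, timeout=86400.0,
                   sleep=time.sleep, clock=time.monotonic):
    """Poll until no task reports state "progress" or the timeout expires.

    Returns (finished, pending): finished maps task key -> last response,
    pending lists the keys still in progress when the timeout was reached.
    """
    pending = list(task_keys)
    finished = {}
    deadline = clock() + timeout
    while pending:
        for key in list(pending):
            status = check(key)
            # "progress" is the only state value shown on this page. Any other
            # value ends polling for that task; inspect it before analysis.
            if status.get("state") != "progress":
                finished[key] = status
                pending.remove(key)
        if not pending or clock() >= deadline:
            break
        sleep(interval)
    return finished, pending


def image_file_name(status):
    """Leaf name of the image file in the "target" field (accepts / and \\)."""
    return status["target"].replace("\\", "/").rstrip("/").rsplit("/", 1)[-1]
```

Pass the task keys printed by the /start-image script to wait_for_tasks, then build the analysis tool's input path from image_file_name as the PowerShell script does.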

All changes

New Features

Introduction of a simple Web API with 5 commands:

  • /start-image – launches an imaging session
  • /check-task – returns the status of an imaging task
  • /scan-devices – finds all source drives available for imaging
  • /stop-task – stops an imaging session
  • /help – opens API documentation

New system setting:

  • Store shared folder logins and passwords in TaskForce

Case ID is now displayed in the device selection window.

Bugfixes

  • Target drive serial numbers were missing in imaging reports
  • Restoring file image from password-protected network folder denied
  • File selection window was too wide when opened on a mobile phone
  • WrappedApiResultException when parsing partition with bad sectors

Where to buy

If you still do not have an Atola TaskForce and would like to place an order, this can be done directly via Atola Technology, or from a distributor near you:

https://atola.com/wheretobuy/

Please contact the Atola Technology sales department to receive more specific information:

  • Call us: +1 888 540-2010, +1 416 833-3501  10am – 6pm ET
  • Or email us

P.S. Dear customers, we appreciate your feedback and take it into consideration when updating our products. Please feel free to write your thoughts and ideas in the comments section below.

Vitaliy Mokosiy

Atola CTO. He believes in saving time & energy of people doing mission-critical work. Therefore, all his efforts are focused on leading R&D of innovative Atola products. Gamification enthusiast. Agile development proponent.
