I recently got my hands on the Tableau T35es Forensic Bridge. Excited to try out the first Tableau bridge with an eSATA host connection, I ordered two (kits with the power supply and all cables) from Digital Intelligence. A few days later, it was like Christmas in April. Or, so I thought.
Problems Start Just After Opening The Package
Upon opening the package, I discovered that the included "eSATA cable" was really an "eSATA to SATA" cable - one end was simply an L-shaped SATA connector. Luckily, I had a spare eSATA cable handy.
Immediately upon first trying it out, I had a scare. It failed to detect all three of the Seagate Barracuda 7200.11 500 GB drives that I had just purchased. I then tried it with other drives, and they all worked fine.
After testing the Seagate 7200.11 drives with different systems, I found inconsistent support for them. Booting a Dell OptiPlex 745 with Ubuntu 8.04, I was able to read the first 10 GB on the drives at 112 MB/s. Booting a Dell Dimension 9200 with the same Ubuntu disk yielded roughly 60 MB/s for the same test.
Fast (Partial) Resolution
I contacted Tableau support, and they quickly responded with a beta version of firmware for the T35es. I decided to try it on one of my T35es devices, and sure enough, it recognizes the 7200.11 drives just fine. In my tests, when connected to my host system via eSATA, it achieved a sustained read speed of 106 MB/s for the first 10 GB of the drive. That's much better than I could ever hope for with Firewire. Unfortunately my Firewire 800 card died before testing, so I wasn't able to get benchmark data in time for this post.
No Bull
While I'm excited to have eSATA host support (especially since my firewire card kicked the bucket!), having to resort to beta firmware to work with the Seagate 7200.11 drives might not be an option for many folks. I sure don't want to have to explain to a judge why I believe my disk image is a perfect copy, and that the source drive remained unaltered, even though I was using a firmware version that wasn't supported by its manufacturer.
My advice: If you're in the market for a forensic bridge, the Tableau T35es might be the one to beat. However, unless you have other bridges to hold you over (my Tableau T15 recognized the Seagate 7200.11 drives), wait until a firmware update is released.
The Lab Rat is a regular column authored by Brian Eckman, GCFA Silver #434. Every few weeks, Brian will post an article about new or upgraded gear for forensic labs. With topics ranging from forensics hardware & software, to analysis systems and mobile kits. The Lab Rat will never give you any Bull.
.png "Finding_Evil_WMI_Event_Consumers_with_Disk_Forensics_-Blog_(1).png")
.png "Blog_teaser_images_(19).png")
