homepage
Open menu
Go one level top
  • Train and Certify
    Train and Certify

    Immediately apply the skills and techniques learned in SANS courses, ranges, and summits

    • Overview
    • Courses
      • Overview
      • Full Course List
      • By Focus Areas
        • Cloud Security
        • Cyber Defense
        • Cybersecurity and IT Essentials
        • DFIR
        • Industrial Control Systems
        • Offensive Operations
        • Management, Legal, and Audit
      • By Skill Levels
        • New to Cyber
        • Essentials
        • Advanced
        • Expert
      • Training Formats
        • OnDemand
        • In-Person
        • Live Online
      • Course Demos
    • Training Roadmaps
      • Skills Roadmap
      • Focus Area Job Roles
        • Cyber Defence Job Roles
        • Offensive Operations Job Roles
        • DFIR Job Roles
        • Cloud Job Roles
        • ICS Job Roles
        • Leadership Job Roles
      • NICE Framework
        • Security Provisionals
        • Operate and Maintain
        • Oversee and Govern
        • Protect and Defend
        • Analyze
        • Collect and Operate
        • Investigate
        • Industrial Control Systems
      • European Skills Framework
    • GIAC Certifications
    • Training Events & Summits
      • Events Overview
      • Event Locations
        • Asia
        • Australia & New Zealand
        • Latin America
        • Mainland Europe
        • Middle East & Africa
        • Scandinavia
        • United Kingdom & Ireland
        • United States & Canada
      • Summits
    • OnDemand
    • Get Started in Cyber
      • Overview
      • Degree and Certificate Programs
      • Scholarships
    • Cyber Ranges
  • Manage Your Team
    Manage Your Team

    Build a world-class cyber team with our workforce development programs

    • Overview
    • Why Work with SANS
    • Group Purchasing
    • Build Your Team
      • Team Development
      • Assessments
      • Private Training
      • Hire Cyber Professionals
      • By Industry
        • Health Care
        • Industrial Control Systems Security
        • Military
    • Leadership Training
  • Security Awareness
    Security Awareness

    Increase your staff’s cyber awareness, help them change their behaviors, and reduce your organizational risk

    • Overview
    • Products & Services
      • Security Awareness Training
        • EndUser Training
        • Phishing Platform
      • Specialized
        • Developer Training
        • ICS Engineer Training
        • NERC CIP Training
        • IT Administrator
      • Risk Assessments
        • Knowledge Assessment
        • Culture Assessment
        • Behavioral Risk Assessment
    • OUCH! Newsletter
    • Career Development
      • Overview
      • Training & Courses
      • Professional Credential
    • Blog
    • Partners
    • Reports & Case Studies
  • Resources
    Resources

    Enhance your skills with access to thousands of free resources, 150+ instructor-developed tools, and the latest cybersecurity news and analysis

    • Overview
    • Webcasts
    • Free Cybersecurity Events
      • Free Events Overview
      • Summits
      • Solutions Forums
      • Community Nights
    • Content
      • Newsletters
        • NewsBites
        • @RISK
        • OUCH! Newsletter
      • Blog
      • Podcasts
      • Summit Presentations
      • Posters & Cheat Sheets
    • Research
      • White Papers
      • Security Policies
    • Tools
    • Focus Areas
      • Cyber Defense
      • Cloud Security
      • Digital Forensics & Incident Response
      • Industrial Control Systems
      • Cyber Security Leadership
      • Offensive Operations
  • Get Involved
    Get Involved

    Help keep the cyber community one step ahead of threats. Join the SANS community or begin your journey of becoming a SANS Certified Instructor today.

    • Overview
    • Join the Community
    • Work Study
    • Teach for SANS
    • CISO Network
    • Partnerships
    • Sponsorship Opportunities
  • About
    About

    Learn more about how SANS empowers and educates current and future cybersecurity practitioners with knowledge and skills

    • SANS
      • Overview
      • Our Founder
      • Awards
    • Instructors
      • Our Instructors
      • Full Instructor List
    • Mission
      • Our Mission
      • Diversity
      • Scholarships
    • Contact
      • Contact Customer Service
      • Contact Sales
      • Press & Media Enquiries
    • Frequent Asked Questions
    • Customer Reviews
    • Press
    • Careers
  • Contact Sales
  • SANS Sites
    • GIAC Security Certifications
    • Internet Storm Center
    • SANS Technology Institute
    • Security Awareness Training
  • Search
  • Log In
  • Join
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. Three hard drive imaging tools
Quinn Shamblin

Three hard drive imaging tools

October 1, 2008

Capturing an image of a hard drive for purpose of further review and investigation is a common digital forensics activity. Here is a quick review of three of my favorites tools.

hardcopy.jpg
Hardcopy II

The VOOM Hardcopy II is a great general purpose hard drive imaging tool and is my go-to solution. It is fast, simple to use and can either image or clone if you prefer. The imaging rate of these is limited only by transfer rate of the suspect and evidence drives. I routinely see 2-3+ GB/minute imaging rates with newer drives. Expect to pay ~$1000 for one of these, although you can sometimes get deals if you go to forensics conferences (especially those targeted at law enforcement).

The Image MASSter Solo-3 is also very fast and it offers a whole pack of features not available in the Hardcopy. However it is also about 2-4 times the cost of the Hardcopy (depending on features) and more complex to use. Still, a great tool. Some very useful features:

  • Copy a suspect drive to TWO evidence drives simultaneously, with no decrease in imaging rate
    imagemasster.jpg
    Image MASSter Solo-3
    • Image a computer through a firewire port without removing the harddrive
    • Image closed MACs (software upgrade). It is this last feature that prompted me to pick one of these up. If any of you have had to crack one of the new iMacs, you know what I mean. Strangely, it does not image the MAC by taking advantage of the MAC target disk mode as I expected, but it can still do it by use of a boot CD.
    • Restore an image to a hard drive so that you have a live clone of the suspect machine that can be run and examined as if you are the owner.

    A Tableau write blocker set (one write blocker and one pass-through) is quite a bit less pricy, but this solution is slower than the above. These devices require a laptop or other computer with imaging software to take a forensic image. Due to the speed, however, I almost never use this approach. If I can get the drive out, I will use the Hardcopy or ImagMASSter every time. However, there are a few cases where these can be a real lifesaver:

    tableau
    Tableau Write Blocker and Pass-through Block
    • When you need to take an image of a live system such as when a system has full-disk encryption (in such cases, the yellow pass-through block is a stable platform to mount a writable harddrive to the suspect system)
    • When you cannot open the system for whatever reason
    • When you have a large number of drives to image in limited time and need every available machine working.

      So, quick summary:

      DevicePriceSpeed *Ease of UseFeatures
      Hardcopy II$$2-3 GB/MinEasyStand alone, Fast, Cloning, Imaging, Requires hard drives be removed
      Imag MASSter Solo-3$$$$2-3 GB/MinModerateStand alone, Fast imaging of removed hard drives, Image a system without removing the hard drive, Image a mac
      Tableau$1-1.5 GB/MinEasyRequires a computer and imaging software, Image a live system

      *Notes: The speeds quoted are my field experience using the tools, these figures are not from the company. Others in different conditions may experience different performance. 

      Quinn Shamblin, quinn.shamblin@uc.edu, GCFA Silver #2801
      Investigator, University of Cincinnati Information Security

      Share:
      TwitterLinkedInFacebook
      Copy url Url was copied to clipboard
      Subscribe to SANS Newsletters
      Receive curated news, vulnerabilities, & security awareness tips
      United States
      Canada
      United Kingdom
      Spain
      Belgium
      Denmark
      Norway
      Netherlands
      Australia
      India
      Japan
      Singapore
      Afghanistan
      Aland Islands
      Albania
      Algeria
      American Samoa
      Andorra
      Angola
      Anguilla
      Antarctica
      Antigua and Barbuda
      Argentina
      Armenia
      Aruba
      Austria
      Azerbaijan
      Bahamas
      Bahrain
      Bangladesh
      Barbados
      Belarus
      Belize
      Benin
      Bermuda
      Bhutan
      Bolivia
      Bonaire, Sint Eustatius, and Saba
      Bosnia And Herzegovina
      Botswana
      Bouvet Island
      Brazil
      British Indian Ocean Territory
      Brunei Darussalam
      Bulgaria
      Burkina Faso
      Burundi
      Cambodia
      Cameroon
      Cape Verde
      Cayman Islands
      Central African Republic
      Chad
      Chile
      China
      Christmas Island
      Cocos (Keeling) Islands
      Colombia
      Comoros
      Cook Islands
      Costa Rica
      Croatia (Local Name: Hrvatska)
      Curacao
      Cyprus
      Czech Republic
      Democratic Republic of the Congo
      Djibouti
      Dominica
      Dominican Republic
      East Timor
      East Timor
      Ecuador
      Egypt
      El Salvador
      Equatorial Guinea
      Eritrea
      Estonia
      Ethiopia
      Falkland Islands (Malvinas)
      Faroe Islands
      Fiji
      Finland
      France
      French Guiana
      French Polynesia
      French Southern Territories
      Gabon
      Gambia
      Georgia
      Germany
      Ghana
      Gibraltar
      Greece
      Greenland
      Grenada
      Guadeloupe
      Guam
      Guatemala
      Guernsey
      Guinea
      Guinea-Bissau
      Guyana
      Haiti
      Heard And McDonald Islands
      Honduras
      Hong Kong
      Hungary
      Iceland
      Indonesia
      Iraq
      Ireland
      Isle of Man
      Israel
      Italy
      Jamaica
      Jersey
      Jordan
      Kazakhstan
      Kenya
      Kiribati
      Korea, Republic Of
      Kosovo
      Kuwait
      Kyrgyzstan
      Lao People's Democratic Republic
      Latvia
      Lebanon
      Lesotho
      Liberia
      Liechtenstein
      Lithuania
      Luxembourg
      Macau
      Macedonia
      Madagascar
      Malawi
      Malaysia
      Maldives
      Mali
      Malta
      Marshall Islands
      Martinique
      Mauritania
      Mauritius
      Mayotte
      Mexico
      Micronesia, Federated States Of
      Moldova, Republic Of
      Monaco
      Mongolia
      Montenegro
      Montserrat
      Morocco
      Mozambique
      Myanmar
      Namibia
      Nauru
      Nepal
      Netherlands Antilles
      New Caledonia
      New Zealand
      Nicaragua
      Niger
      Nigeria
      Niue
      Norfolk Island
      Northern Mariana Islands
      Oman
      Pakistan
      Palau
      Palestine
      Panama
      Papua New Guinea
      Paraguay
      Peru
      Philippines
      Pitcairn
      Poland
      Portugal
      Puerto Rico
      Qatar
      Reunion
      Romania
      Russian Federation
      Rwanda
      Saint Bartholemy
      Saint Kitts And Nevis
      Saint Lucia
      Saint Martin
      Saint Vincent And The Grenadines
      Samoa
      San Marino
      Sao Tome And Principe
      Saudi Arabia
      Senegal
      Serbia
      Seychelles
      Sierra Leone
      Sint Maarten
      Slovakia
      Slovenia
      Solomon Islands
      South Africa
      South Georgia and the South Sandwich Islands
      South Sudan
      Sri Lanka
      St. Helena
      St. Pierre And Miquelon
      Suriname
      Svalbard And Jan Mayen Islands
      Swaziland
      Sweden
      Switzerland
      Taiwan
      Tajikistan
      Tanzania
      Thailand
      Togo
      Tokelau
      Tonga
      Trinidad And Tobago
      Tunisia
      Turkey
      Turkmenistan
      Turks And Caicos Islands
      Tuvalu
      Uganda
      Ukraine
      United Arab Emirates
      United States Minor Outlying Islands
      Uruguay
      Uzbekistan
      Vanuatu
      Vatican City
      Venezuela
      Vietnam
      Virgin Islands (British)
      Virgin Islands (U.S.)
      Wallis And Futuna Islands
      Western Sahara
      Yemen
      Yugoslavia
      Zambia
      Zimbabwe

      By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

      This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

      Tags:
      • Digital Forensics and Incident Response

      Related Content

      Blog
      DFIR_-_Advise_from_the_Trenches_-_340x340_Thumb.jpg
      Digital Forensics and Incident Response
      March 22, 2023
      What is In a Name?
      In digital forensics, the highlights come from the cases where incident response teams have proven that the threat actors were caught red-handed.
      370x370_Kevin-Ripa.jpg
      Kevin Ripa
      read more
      Blog
      DFIR_-_DFIR_Origin_Stories_-_340x340_Thumb.jpg
      Digital Forensics and Incident Response
      March 20, 2023
      DFIR Origin Stories - Kat Hedley
      Digital Forensics and Incident Response (DFIR) called to Kat Hedley as soon as she first entered the workforce.
      DFIR_ICON_(1).PNG
      SANS DFIR
      read more
      Blog
      Untitled_design-43.png
      Digital Forensics and Incident Response, Cybersecurity and IT Essentials, Industrial Control Systems Security, Purple Team, Open-Source Intelligence (OSINT), Penetration Testing and Red Teaming, Cyber Defense, Cloud Security, Security Management, Legal, and Audit
      December 8, 2021
      Good News: SANS Virtual Summits Will Remain FREE for the Community in 2022
      They’re virtual. They’re global. They’re free.
      370x370-person-placeholder.png
      Emily Blades
      read more
      • Register to Learn
      • Courses
      • Certifications
      • Degree Programs
      • Cyber Ranges
      • Job Tools
      • Security Policy Project
      • Posters & Cheat Sheets
      • White Papers
      • Focus Areas
      • Cyber Defense
      • Cloud Security
      • Cybersecurity Leadership
      • Digital Forensics
      • Industrial Control Systems
      • Offensive Operations
      Subscribe to SANS Newsletters
      Receive curated news, vulnerabilities, & security awareness tips
      United States
      Canada
      United Kingdom
      Spain
      Belgium
      Denmark
      Norway
      Netherlands
      Australia
      India
      Japan
      Singapore
      Afghanistan
      Aland Islands
      Albania
      Algeria
      American Samoa
      Andorra
      Angola
      Anguilla
      Antarctica
      Antigua and Barbuda
      Argentina
      Armenia
      Aruba
      Austria
      Azerbaijan
      Bahamas
      Bahrain
      Bangladesh
      Barbados
      Belarus
      Belize
      Benin
      Bermuda
      Bhutan
      Bolivia
      Bonaire, Sint Eustatius, and Saba
      Bosnia And Herzegovina
      Botswana
      Bouvet Island
      Brazil
      British Indian Ocean Territory
      Brunei Darussalam
      Bulgaria
      Burkina Faso
      Burundi
      Cambodia
      Cameroon
      Cape Verde
      Cayman Islands
      Central African Republic
      Chad
      Chile
      China
      Christmas Island
      Cocos (Keeling) Islands
      Colombia
      Comoros
      Cook Islands
      Costa Rica
      Croatia (Local Name: Hrvatska)
      Curacao
      Cyprus
      Czech Republic
      Democratic Republic of the Congo
      Djibouti
      Dominica
      Dominican Republic
      East Timor
      East Timor
      Ecuador
      Egypt
      El Salvador
      Equatorial Guinea
      Eritrea
      Estonia
      Ethiopia
      Falkland Islands (Malvinas)
      Faroe Islands
      Fiji
      Finland
      France
      French Guiana
      French Polynesia
      French Southern Territories
      Gabon
      Gambia
      Georgia
      Germany
      Ghana
      Gibraltar
      Greece
      Greenland
      Grenada
      Guadeloupe
      Guam
      Guatemala
      Guernsey
      Guinea
      Guinea-Bissau
      Guyana
      Haiti
      Heard And McDonald Islands
      Honduras
      Hong Kong
      Hungary
      Iceland
      Indonesia
      Iraq
      Ireland
      Isle of Man
      Israel
      Italy
      Jamaica
      Jersey
      Jordan
      Kazakhstan
      Kenya
      Kiribati
      Korea, Republic Of
      Kosovo
      Kuwait
      Kyrgyzstan
      Lao People's Democratic Republic
      Latvia
      Lebanon
      Lesotho
      Liberia
      Liechtenstein
      Lithuania
      Luxembourg
      Macau
      Macedonia
      Madagascar
      Malawi
      Malaysia
      Maldives
      Mali
      Malta
      Marshall Islands
      Martinique
      Mauritania
      Mauritius
      Mayotte
      Mexico
      Micronesia, Federated States Of
      Moldova, Republic Of
      Monaco
      Mongolia
      Montenegro
      Montserrat
      Morocco
      Mozambique
      Myanmar
      Namibia
      Nauru
      Nepal
      Netherlands Antilles
      New Caledonia
      New Zealand
      Nicaragua
      Niger
      Nigeria
      Niue
      Norfolk Island
      Northern Mariana Islands
      Oman
      Pakistan
      Palau
      Palestine
      Panama
      Papua New Guinea
      Paraguay
      Peru
      Philippines
      Pitcairn
      Poland
      Portugal
      Puerto Rico
      Qatar
      Reunion
      Romania
      Russian Federation
      Rwanda
      Saint Bartholemy
      Saint Kitts And Nevis
      Saint Lucia
      Saint Martin
      Saint Vincent And The Grenadines
      Samoa
      San Marino
      Sao Tome And Principe
      Saudi Arabia
      Senegal
      Serbia
      Seychelles
      Sierra Leone
      Sint Maarten
      Slovakia
      Slovenia
      Solomon Islands
      South Africa
      South Georgia and the South Sandwich Islands
      South Sudan
      Sri Lanka
      St. Helena
      St. Pierre And Miquelon
      Suriname
      Svalbard And Jan Mayen Islands
      Swaziland
      Sweden
      Switzerland
      Taiwan
      Tajikistan
      Tanzania
      Thailand
      Togo
      Tokelau
      Tonga
      Trinidad And Tobago
      Tunisia
      Turkey
      Turkmenistan
      Turks And Caicos Islands
      Tuvalu
      Uganda
      Ukraine
      United Arab Emirates
      United States Minor Outlying Islands
      Uruguay
      Uzbekistan
      Vanuatu
      Vatican City
      Venezuela
      Vietnam
      Virgin Islands (British)
      Virgin Islands (U.S.)
      Wallis And Futuna Islands
      Western Sahara
      Yemen
      Yugoslavia
      Zambia
      Zimbabwe

      By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

      This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
      • © 2023 SANS™ Institute
      • Privacy Policy
      • Contact
      • Careers
      • Twitter
      • Facebook
      • Youtube
      • LinkedIn