Logicube Falcon-NEO User Manual page 59

Hide thumbs Also See for Falcon-NEO:

User manual (162 pages)

Application note (12 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

page of 144

/ 144
Contents
Table of Contents
Bookmarks

Table of Contents

unlocking the BitLocker encrypted volume requires going through the Partition

to File mode.

Net Traffic to File – Capture network traffic data using this imaging mode.

•

Network traffic that can be captured can include local network activity, internet

activity, and VOIP activity. The data is saved and stored to a *.pcanpg file format.

Drive to Drive – Performs a bit-for-bit copy of the Source producing an exact

•

duplicate of the Source drive.

File to Drive (Image Restore) – Restores DD, E01, EX01, and DMG images

•

created by the Falcon-NEO.

Details on the different screens found in the Imaging operation can be found in

Imaging.

HASH/VERIFY

– Perform a SHA-1, SHA-256, or MD5 hash of a drive or verify the file hash

of a case (image).

WIPE/FORMAT

There are three main settings:

Secure Erase – Sends a command to the drive instructing it to perform a secure

•

erase based on the drive manufacturer's specifications.

Wipe Patterns – Allows the user to set a specific pattern to use for wiping the

•

drive. The number of passes is customizable (up to 7 passes) along with the type

of data written for each pass. In addition, a 7-pass DoD wipe can be set.

Format – Formats the Destination using any of the following file systems (with or

•

without AES-256 encryption):

EXT4

NTFS

EXFAT

FAT32

PUSH

– The network Push feature gives users the ability to push evidence files from

destination drives connected to the Falcon-NEO or from a Falcon-NEO repository to a

network location. The Push feature provides a more secure method than simply copying

and pasting to the analysis computer by performing an MD5 or SHA hash during the

push process. Additionally, users can select to verify the file transfer to ensure data

integrity. Network users can then quickly preview data or copy data to a local drive or to

any other directory on the network. The Falcon-NEO will create a log file for each push

process.

TASK MACRO

– S

another). For example, a macro can be set to perform these tasks in order: Wipe, image,

hash, push, then wipe again

FILE BROWSER

the Falcon-NEO. The Falcon-NEO will show all viewable partitions and the contents of

each partition.

LOGS

– Display logs of each task that has been performed on the Falcon-NEO.

STATISTICS

– This will display several tabs that include:

Logicube Falcon

-Neo User's Manual

– This type of operation is used to erase, wipe, and/or format drives.

et up to nine (9) different tasks to perform sequentially (one after

– Preview the contents of all connected Source or Destination drives on

TYPES OF OPERATIONS

Chapter

Table of Contents

Need help?

Do you have a question about the Falcon-NEO and is the answer not in the manual?

Logicube Falcon-NEO User Manual page 59

Need help?

Questions and answers

Related Products for Logicube Falcon-NEO

Logicube Falcon-NEO User Manual page 59

Need help?

Questions and answers

Related Manuals for Logicube Falcon-NEO

Related Products for Logicube Falcon-NEO

Table of Contents