CFID v3.0 - Covert Forensic Imaging Device

Maybe the situation is too dangerous…Maybe the operation has a limited footprint requirement…Maybe the operator did not know he is going to need to do a forensic acquisition and wasn’t able to pack the dedicated write blocker, forensic laptop, dongles, and cables..

For this reason, the CFID was meant to be operated by anyone… and anywhere.

It takes 4 clicks on the simple, fat-finger friendly touch screen to begin an E01 or dd style image of a suspect media device. The CFID also employs haptic feedback (vibration) to alert the operator when an imaging process is complete.

1. TURN ON THE CFID.
2. INSERT SOURCE DEVICE.
3. INSERT DESTINATION DEVICE.
4. CLICK ‘IMAGE’, THEN CONFIRM SOURCE, CONFIRM DESTINATION, AND CLICK START.

Once finished, the operator will have a full image of the source device on his own external device that can be handed off to a forensic expert for analysis whenever possible.

The CFID performs forensic acquisitions while ensuring the following industry standard conditions are met:

1. MD5 AND SHA (1,256) CHECK-SUMS ARE COMPUTED.
2. SOURCE DEVICE IS WRITE-BLOCKED TO ENSURE NO DATA IS EVER MODIFIED ON IT.
3. IMAGES ARE CREATED IN STANDARD DD OR E01 FORMATS FOR COMPATIBILITY WITH ANY MAJOR ANALYSIS TOOL.
4. BLOCK SIZE CAN BE SET FOR INCREASED PERFORMANCE DURING THE IMAGE PROCESS FROM 1 SECTOR, TO 1 MB.
5. COMPRESSION CAN BE ENABLED TO OPTIMIZE DESTINATION DRIVE FOR SPACE WHEN IMAGING LARGE DRIVES.

It features a 6100mah Li-Poly rechargeable battery that will last 4-6 hours with normal usage on a single charge.

Because the unit features a USB device port, you can charge the CFID from any usb port on any other usb device including laptops, desktops, or cell phone charging ports.

1. CHARGE VIA STANDARD USB 3.0 PORT ON ANY LAPTOP, DESKTOP OR DESKTOP AND WILL NOT REGISTER AS A DEVICE.
2. 6100MAH LI-POLY RECHARGEABLE BATTERY.
3. LESS THAN 1″ DEEP AND WITH A SMALLER OUTLINE THAN A SMARTPHONE THIS IS A TRULY HANDHELD AND PORTABLE PRODUCT.
4. FITS EASILY IN A POCKET.

The CFID is designed to perform any of the 7 main tasks below. It’s main functions are to Image, Clone, Mobile extractions and Sim card analysis, but it can be a very useful and handy tool when used to wipe, format and copy drives.

IMAGING
Imaging creates a forensic image of the source device as a file on the destination device. The file can be compressed, and check sums can be computed on the fly.

CLONING
Cloning duplicates one block level device onto another. You can set the block size to optimize clone speed.

IOS & ANDROID BACKUP EXTRACTIONS
The CFID can perform backups of iOS & Android devices. Giving all data from backups recently done on that phone.

SIM CARD ANALYSIS
Sim card analysis allows users to forensically image, store and analyze on the device. Easy analysis is provided directly on the CFID giving the serial number, the acquisition date, sms messages and contacts on that sim card.

WIPING
Wiping can be done 3 different ways. It is important to select the right one based on your time available and forensic requirements.

a. Wiping can wipe a pattern of all zeros ʻ00000000….ʼ to a block level device at the device level.
b. Wiping can wipe a random pattern to a block level device at the device level.

FORMATTING
Formatting will wipe the partition table of a drive and create a fat32, NTFS, or ext file- system on a newly created partition. This does not wipe the drive, but quickly creates a new partition table with a single formatted primary partition. This is useful to prepare a destination drive, or personal drive prior to use.

COPYING
Copying will allow you to copy only the active files from either of the source drives (SD or USB) or from the Internal drive, to the destination USBdrive, or the Internal drive. The CFID mounts the source drive as read-only if this option is used. This feature is useful when only the active content is required and a forensic image is not required.