CFID was designed for forward deployed military, intelligence, and law enforcement personnel who need a simple, small, portable and inconspicuous solution for imaging, cloning, copying and wiping data from portable media such as USB and SD Cards. The additional capabilities including iOS, Android and Sim Card extraction as well as direct PC and Laptop acquisition make the CFID a multipurpose solution for the field and lab use.
Thumb-Drives, SD Cards, Sim Cards, iOS Devices, Android Phones and Laptops represent the source of the most common forms of digital evidence recovered today. While some computer and cell phone forensic tools are equipped to collect data from these media, a standalone tool dedicated to the task will improve efficiency and free up equipment. Most importantly however, using a dedicated device will greatly simplify and speed up the process.
Forensically Image or Clone a device…All from the palm of your hand.
The CFID has seven primary functions: Image, Clone, Copy, Format, Wipe, Mobile Extraction (iOS, Android), and Sim Card Extraction, as well as PC and Laptop Imaging and Copying. each executed through the simple touch screen interface. It captures the serial number and make model of each device encountered as well.
A suitcase is handheld. This handheld device fits in your hand.
The CFID provides 64GB of internal storage with allowing for external storage as well. When imaging a device, the system creates a folder for each image acquired, and each folder is named with a reference number date-time stamp. The file can be split, compressed and hashed for as required for reference by the forensic examiner.
Keep It Simple
Data collection by field operatives can quickly become an increasingly complicated and time-consuming task. While a number of tools have been successfully deployed to capture data from various media types, the scope and quantity of devices being found warrants a better means of collection. We need a simple, covert and effective device for portable media acquisition.
We cannot always send out our most highly trained forensic experts to the front lines to image and collect portable media.
Maybe the situation is too dangerous…Maybe the operation has a limited footprint requirement…Maybe the operator did not know he is going to need to do a forensic acquisition and wasn’t able to pack the dedicated write blocker, forensic laptop, dongles, and cables..
For this reason, the CFID was meant to be operated by anyone… and anywhere.
It takes 4 clicks on the simple, fat-finger friendly touch screen to begin an E01 or dd style image of a suspect media device. The CFID also employs haptic feedback (vibration) to alert the operator when an imaging process is complete.
1. TURN ON THE CFID.
2. INSERT SOURCE DEVICE.
3. INSERT DESTINATION DEVICE.
4. CLICK ‘IMAGE’, THEN CONFIRM SOURCE, CONFIRM DESTINATION, AND CLICK START.
Once finished, the operator will have a full image of the source device on his own external device that can be handed off to a forensic expert for analysis whenever possible.
In this business every single byte counts. Even more, every single bit counts.
The CFID performs forensic acquisitions while ensuring the following industry standard conditions are met:
1. MD5 AND SHA (1,256) CHECK-SUMS ARE COMPUTED.
2. SOURCE DEVICE IS WRITE-BLOCKED TO ENSURE NO DATA IS EVER MODIFIED ON IT.
3. IMAGES ARE CREATED IN STANDARD DD OR E01 FORMATS FOR COMPATIBILITY WITH ANY MAJOR ANALYSIS TOOL.
4. BLOCK SIZE CAN BE SET FOR INCREASED PERFORMANCE DURING THE IMAGE PROCESS FROM 1 SECTOR, TO 1 MB.
5. COMPRESSION CAN BE ENABLED TO OPTIMIZE DESTINATION DRIVE FOR SPACE WHEN IMAGING LARGE DRIVES.
The CFID is the worlds first battery powered, truly portable, handheld forensic imaging device.
It features a 6100mah Li-Poly rechargeable battery that will last 4-6 hours with normal usage on a single charge.
Because the unit features a USB device port, you can charge the CFID from any usb port on any other usb device including laptops, destops, or cell phone charging ports.
1. CHARGE VIA STANDARD USB 3.0 PORT ON ANY LAPTOP, DESKTOP OR DESKTOP AND WILL NOT REGISTER AS A DEVICE.
2. 6100MAH LI-POLY RECHARGEABLE BATTERY.
3. LESS THAN 1″ DEEP AND WITH A SMALLER OUTLINE THAN A SMARTPHONE THIS IS A TRULY HANDHELD AND PORTABLE PRODUCT.
4. FITS EASILY IN A POCKET.
The CFID is designed to perform any of the 7 main tasks below. It’s main functions are to Image, Clone, Mobile extractions and Sim card analysis, but it can be a very useful and handy tool when used to wipe, format and copy drives.
Imaging creates a forensic image of the source device as a file on the destination device. The file can be compressed, and check sums can be computed on the fly.
Cloning duplicates one block level device onto another. You can set the block size to optimize clone speed.
IOS & ANDROID BACKUP EXTRACTIONS
The CFID can perform backups of iOS & Android devices. Giving all data from backups recently done on that phone.
SIM CARD ANALYSIS
Sim card analysis allows users to forensically image, store and analyze on the device. Easy analysis is provided directly on the CFID giving the serial number, the acquisition date, sms messages and contacts on that sim card.
Wiping can be done 3 different ways. It is important to select the right one based on your time available and forensic requirements.
a. Wiping can wipe a pattern of all zeros ʻ00000000….ʼ to a block level device at the device level.
b. Wiping can wipe a random pattern to a block level device at the device level.
Formatting will wipe the partition table of a drive and create a fat32, NTFS, or ext file- system on a newly created partition. This does not wipe the drive, but quickly creates a new partition table with a single formatted primary partition. This is useful to prepare a destination drive, or personal drive prior to use.
Copying will allow you to copy only the active files from either of the source drives (SD or USB) or from the Internal drive, to the destination USBdrive, or the Internal drive. The CFID mounts the source drive as read-only if this option is used. This feature is useful when only the active content is required and a forensic image is not required.