manualshive.com logo in svg

Logicube F-FALCON-SA, User Manual

The Logicube F-FALCON-SA is a versatile digital forensic imaging solution. Ensure optimal use of your device by downloading the free User Manual from our website. Access step-by-step instructions and troubleshooting tips to maximize the potential of your Logicube F-FALCON-SA. Download the manual now for optimal performance.manualshive.com

Share
Download
background image

 

 

Logicube Forensic Falcon™ User’s Manual 

 

108 

8:   Drive Encryption and Decryption 

8.0   Drive Encryption/Decryption - Introduction 

The Forensic Falcon allows imaging drives onto a Destination or Repository where the data on 
the Destination drive is encrypted. There are two different modes where Encryption is 
supported: Drive to File and File to File.  

 

Drive to File – 

Images the Source to any of the following image output formats: 

DD

E01

and 

EX01

. This will have a partition level encryption where only the partition (on the 

Destination or Repository) where the images are created will be encrypted.

 

 

File to File - 

Image specific files (by filename, extension, etc.). The files will be sorted by 

path (based on where the file is located on the Source and each file will be hashed. This 
will have a partition level encryption where only the partition (on the Destination or 
Repository) where the images are created will be encrypted. 

Falcon can also decrypt drives that were encrypted using the Falcon. Alternatively, third party 
utilities can be used to decrypt a drive encrypted by the Falcon; VeraCrypt , TrueCrypt and 
FreeOTFE.  

In the 

System Settings

 screen, there is an 

Encryption Settings

 tab used to configure the Falcon 

for encryption. There are four (4) parameters that must be configured before encryption can be 
used. These parameters are necessary to decrypt and read the Destination drive and can be 
configured in the 

Encryption

 

Settings

 

page on the Falcon: 

 

Cipher Mode

 

 Users can choose between 

TC-XTS

CBC

,

 ECB

, or 

VCRYPT

 cipher modes. 

 

CBC or ECB cipher modes can be decrypted using the Falcon  or 
FreeOTFE.  

 

TC-XTS cipher mode can be decrypted using the Falcon or TrueCrypt.  

 

VCRYPT cipher mode can be decrypted using the Falcon or VeraCrypt. 

The Falcon encrypts drives using AES 256 encryption regardless of what 
cipher mode is used. If TC-XTS is used, Falcon uses a TrueCrypt friendly 
format and 

does not

 use TrueCrypt to encrypt the drive. The encryption 

key is not stored on the Destination drive. 

 

Cipher

 

 At this time, only the 

AES-256

 cipher is supported. 

 

IV Generation – 

Initialization Vector. Unavailable when TC-XTS cipher mode is selected. 

If CBC or ECB cipher mode is selected, users can choose between 

PLAIN64 

and 

ESSIV:SHA256

Summary of Contents for F-FALCON-SA

Page 1: ...Logicube Forensic Falcon User Manual I Forensic Falcon User s Manual PART F FALCON SA Logicube Inc Chatsworth CA 91311 USA Phone 818 700 8488 Fax 818 700 8466 Version 3 1 Date 01 31 17 MAN FALCON...

Page 2: ...OF THIS AGREEMENT CAREFULLY BY INSTALLING OR USING LOGICUBE PRODUCTS YOU AGREE TO BE BOUND BY THIS AGREEMENT IN NO EVENT WILL LOGICUBE BE LIABLE WHETHER UNDER THIS AGREEMENT RESULTING FROM THE PERFOR...

Page 3: ...CUBE PRODUCTS UNLESS OTHERWISE AGREED IN WRITING BY LOGICUBE NO WARRANTY IS PROVIDED TO RESELLERS OR DISTRIBUTORS OF LOGICUBE PRODUCTS IN ORDER TO RECEIVE WARRANTY SERVICES CONTACT LOGICUBE S TECHNICA...

Page 4: ...LENT CHROMIUM AND CERTAIN FLAME RETARDANTS IN THE EUROPEAN UNION THIS DIRECTIVE APPLIES TO ELECTRONIC PRODUCTS PLACED ON THE EU MARKET AFTER JULY 1 2006 Logicube Technical Support Contact Information...

Page 5: ...1 TURNING THE FALCON ON AND OFF 9 2 2 CONNECTING VARIOUS DRIVE TYPES 9 2 2 1 Connecting Source Drives 9 2 2 2 Connecting Destination Drives 10 2 2 3 Connecting USB 3 0 Drives 11 2 2 4 Using USB FireWi...

Page 6: ...e logs over a network 31 3 9 STATISTICS 32 3 10 MANAGE REPOSITORIES 32 3 11 SYSTEM SETTINGS 32 3 12 NETWORK SETTINGS 33 3 13 SOFTWARE UPDATES 33 3 14 POWER OFF 33 4 PREVIEWING DRIVES 34 4 0 PREVIEWING...

Page 7: ...5 6 0 5 Task Macro 76 6 0 5 1 Tasks 76 6 0 6 USB Device 79 6 0 6 1 Settings 80 6 0 7 File Browser 81 6 0 7 1 Viewing files from the web interface 84 6 0 7 2 Important notes about using the File Browse...

Page 8: ...WARE LOADING INSTRUCTIONS 121 9 1 1 From Network Via the web 121 9 1 2 From USB Drive Via software download 122 9 1 2 1 Extracting the software download on a computer with WinZip or other third party...

Page 9: ...2 TURNING THE FALCON WITH SCSI MODULE ON AND OFF 145 13 3 CONNECTING DRIVES 146 13 3 1 Connecting SCSI Source and Destination Drives 147 14 USB BOOT CLIENT 148 14 0 USB BOOT CLIENT INTRODUCTION 148 1...

Page 10: ...n Image and verify to the following formats native copy dd image e01 ex01 and file based copy Compression available for E01 Ex01 formats Uses SHA1 SHA256 MD5 and dual hash MD5 SHA1 authentication 4 So...

Page 11: ...n a PC Users can also preview source or destination drives using the USB connection from the Falcon to a computer or by using the SMB protocol The iSCSI protocol can be used to preview source drives W...

Page 12: ...and save configurations drive time out feature automatically puts drives in stand by mode after a specified idle time task completed audible beep blank disk check drive spanning 7 color touch screen...

Page 13: ...o 68 pin SCSI adapters for use with SCSI Module eSATA to SATA cable converter mSATA to SATA adapter USB 3 0 to SATA Adapter USB 3 0 4 port hub PCIe adapter kit includes adapters for M 2 PCIe M 2 NVMe...

Page 14: ...the Logicube Forensic Falcon or subjecting it to sharp jolts When in use place it on a flat surface Keep the unit dry If the Forensic Falcon needs to be cleaned use a lightly damp lint free cloth Avo...

Page 15: ......

Page 16: ...ted 2 0 Overview of the Falcon Special Icons Throughout this manual there are two icons that can be seen Please pay close attention when any of these two icons are found These icons highlight addition...

Page 17: ...GETTING STARTED Logicube Forensic Falcon User s Manual 8...

Page 18: ...Graphical User Interface GUI either on the touch screen or via a browser through a remote connection navigate to the Power Off screen and tap or click the Power Off icon 2 2 Connecting various drive t...

Page 19: ...g Destination Drives Destination drives also called evidence drives must be connected to the right side of the Falcon These ports are labeled as follows SAS D1 SAS SATA data port for the Destination 1...

Page 20: ...tion For more information on the USB 3 0 hub please see Section 12 5 2 2 4 Using USB FireWire eSATA enclosures When using USB FireWire and or eSATA enclosures it is highly recommended to leave the dri...

Page 21: ...tical drives should work Logicube has tested and qualified the following optical drive Pioneer BDR XS06 Multisession support The Falcon supports imaging from a multisession CD as a Source However fore...

Page 22: ...allows the user to quickly input commands The screen is bright and easy to read 2 5 HDMI The Falcon has an HDMI port located in the back panel Simply connect an HDMI cable from the Falcon to an exter...

Page 23: ...a bit for bit copy of the Source producing an exact duplicate of the Source drive This is also known as a native copy or mirror copy Drive to File Images the Source to any of the following image outpu...

Page 24: ...Falcon can also perform Parallel Imaging A user can simultaneously perform multiple imaging tasks from the same source drive to multiple destinations using different imaging formats For example image...

Page 25: ...adjust the settings as needed Case Info File Image Method Settings or Mirror Settings HPA DCO Error Handling Hash Verification Method etc then tap the OK icon The Settings screen will be different for...

Page 26: ...Destination drive is not formatted using the Falcon the Location will appear as NOT_MOUNTED and a format icon will appear in the Format column Tap the Format icon the Destination drive For Drive to F...

Page 27: ...to tap Reset Task to reset the task and also to delete the task in order for the drive bays to be properly reset and not show as being used or assigned for other tasks to be configured The number of...

Page 28: ...ill either show True drive is blank or False 3 1 1 2 Drive Spanning Falcon can automatically span to two or more Destination drives when using Drive to File mode DD E01 EX01 When the task is started a...

Page 29: ...ected After selecting the next Destination Repository to be used tap the OK icon If the next Destination drive selected requires formatting the Falcon will show the format icon allowing the drive to b...

Page 30: ...ate the hash for the specified drive or validate the hash value for that drive There are two modes available DRIVE HASH This mode will hash any connected drive on an active Source or Destination port...

Page 31: ...ecommended to tap Reset Task to reset the task and also to delete the task in order for the drive bays to be properly reset and not show as being used or assigned for other tasks to be configured 3 3...

Page 32: ...how to encrypt a drive can be found in Section 8 1 1 3 3 1 Step by step instructions Wipe Format 1 Select Wipe from the types of operation on the left side 2 Tap the Destination icon and select one or...

Page 33: ...encrypt the drive The encryption key is not stored on the Destination drive 7 Optional Tap Case Info to set the Case File Name Case ID Examiner Evidence ID or Case Notes The Falcon will convert any no...

Page 34: ...location a network repository must be set up Details on how to add a repository can be found in Section 6 0 10 1 Follow these steps to set up a Push operation 1 Select Push from the types of operation...

Page 35: ...uding but not limited to infrastructure capacity architecture and traffic 3 5 Task Macros This operation allows up to five 5 macros that can be set Each macro can run up to nine 9 tasks sequentially o...

Page 36: ...Falcon to a computer via USB allows the user to view any drive connected to the Falcon In this mode all drives connected to the Falcon are write protected 2 7 1 Step by step instructions USB Device 1...

Page 37: ...s can be opened by the Falcon Files opened by the file browser will not alter the drive in any way If a file cannot be previewed the following message will appear 3 7 1 Step by step instructions File...

Page 38: ...the Destination drive in the same folder as the image files The log files may contain a partial hash This hash is for Falcon s internal purposes only and cannot be validated by any other means The par...

Page 39: ...or EXT4 file system b Tap the Export icon to export the log file via USB The log will be exported copied to the attached USB drive and will be in HTML PDF and XML formats Repeat steps 2 through 4 if o...

Page 40: ...or all the log files depending on which was selected The password can be set in the Systems Settings More information about the log file deletion password can be found in Section 6 0 11 2 3 8 3 Acces...

Page 41: ...re installed The Adv Drive Statistics tab displays S M A R T information taken directly from what the drive is reporting Network Interface Stats Displays the Network Interface statistics Receive and T...

Page 42: ...proxy server for internet access will require proxy settings for devices like the Falcon to connect to the Internet This typically includes a server or IP address a host port a username and password...

Page 43: ...iSCSI protocol Source drives only Using a file explorer Drives connected to the Source ports are always write protected Previewing the contents of these drives will not alter the drive or its contents...

Page 44: ...d software Logical access to partitions viewable by the computer s Operating System Partitions are searchable using the Operating System s search functions Third party analysis tools and software can...

Page 45: ...computer s Operating System and installed software This can be useful when the Falcon is out on the field and there is an available laptop Connecting the two devices directly together with a network...

Page 46: ...ection See Section 3 6 and 6 0 6 for details on how to use the USB Device feature 4 4 SMB The Falcon can be accessed from a computer through a direct network cable connection or through a network One...

Page 47: ...software installed and configured on the computer To use the iSCSI protocol an iSCSI initiator must be installed and configured to view the contents of drives connected to the Falcon over a network L...

Page 48: ...be performed in order from left to right There are four selections when performing an image Mode Source Settings Destination 5 0 1 Mode Tap this icon to choose between the following four imaging mode...

Page 49: ...ted which contains a list of deleted files if present that can potentially be restored or recovered File to Drive Restores DD E01 EX01 images created by the Falcon to another drive 5 0 2 Source or Cas...

Page 50: ...alcon User s Manual 41 role Source or Both Source and Destination When File to Drive mode is selected the Case window will show all drives connected to Source or Destination that have DD E01 or Ex01 i...

Page 51: ...und in Drive to Drive and Drive to File modes Clone Method Settings Found in Drive to Drive mode File Image Method Settings Found in Drive to File mode Filter Settings Found in File to File mode Root...

Page 52: ...y entering a Case File Name For example if a DD or E01 image is performed and the Case File Name is set to TestCase the log name and file name will be called TestCase Subsequent Case File Names that a...

Page 53: ...imaged Select YES to unlock and image a Host Protected Area HPA or Device Configuration Overlay DCO HPA Host Protected Area can limit the size of a hard drive but it can also change many other setting...

Page 54: ...he Destination drive s capacity to 120GB to match the Source drive exactly SAMPLE SOURCE DRIVE SAMPLE DESTINATION DRIVE PRIOR TO DRIVE TRIM SAMPLE DESTINATION DRIVE AFTER DRIVE TRIM Drive Trim is only...

Page 55: ...THE WIPE SETTINGS Set Secure Erase to OFF Set Wipe Patterns to Mode Custom HPA DCO YES TRUE LBAS Edit to 1 LBA PASSES By default this will have a random value set XX To set the LBA to 1 go to LBAS th...

Page 56: ...ive or file Falcon also has a setting for error granularity There are 3 options 1 sector 512 Bytes 4096 Bytes 8 sectors 64 KIB 128 sectors When a bad sector on the source drive is found by default it...

Page 57: ...f blocks from the start of the Source Master For forensic purposes this is typically set to 0 or the beginning of the Source Master Target Start Set the percentage or number of blocks from the start o...

Page 58: ...uncompressed EnCase legacy evidence file format EX01 Compressed or uncompressed EnCase evidence file format SEGMENT SIZE Allows the user to set the output segment size file size Choose from 2 GB 4 GB...

Page 59: ...and the following screen will appear This screen allows the user to set several filters path file signatures keywords and setting an incorrect filter or setting the filter too narrow may adversely aff...

Page 60: ...ning the different expressions than can be used Simply search the Internet for POSIX Extended Regular Expressions Below are some examples of what can be entered in the Custom Filter Example 1 A single...

Page 61: ...4 File extensions without a wildcard at the end If a search is desired for a specific filename without any wildcard afterwards a has to be added to the syntax Using the example above in example 3 you...

Page 62: ...to File mode is selected Root Directory will appear on the top right side of the Settings screen Tap Root Directory and the following screen will appear In this screen the top level root directory can...

Page 63: ...01 Archive Results will be in Encase s LX01 archive format Zip Archive Results will be in a Zip archive format 5 0 3 9 Hash Verification Method This setting can be found in Drive to Drive Drive to Fil...

Page 64: ...lable when using the following modes o When using E01 method in Drive to File o When using EX01 method in Drive to File Verification Method Select YES to hash the Destination and verify that hash with...

Page 65: ...drives connected to the Destination positions When Drive to File or File to File mode is selected the Destination screen will show all drives connected to the Destination positions and any repository...

Page 66: ...Details on encryption can be found in Chapter 8 of the Falcon User s Manual For details on formatting a drive see Section 6 0 3 2 3 Formatting the drive may take up to two minutes Tap the OK icon to c...

Page 67: ...ocessed When Verify is set to Yes the reported number will double in size For parallel imaging prior to starting the first task users must set all other tasks that need to be run in parallel When all...

Page 68: ...r bit copy of the Source producing an exact duplicate of the Source drive b Drive to File Images the Source to any of the following image output formats DD E01 EX01 or File Compression is available fo...

Page 69: ...the push process Additionally users can select to verify the file transfer to ensure data integrity Network users can then quickly preview data or copy data to a local drive or to any other directory...

Page 70: ...ws the user to set proxy settings if required by their network 13 SOFTWARE UPDATES Perform software updates on the Falcon Software can be updated over an internet connection from network or from a USB...

Page 71: ...e are four selections when performing a Hash or Verify Mode Drives Settings and Case Info 6 0 2 1 Mode Tap this icon to choose the mode Drive Hash will hash a drive based on Logical Block Addresses LB...

Page 72: ...tings 6 0 2 3 1 Drive Hash Settings If Drive Hash mode was chosen the Hash Settings screen will appear Tap this icon to set the hash method SHA 1 SHA 256 or MD5 and to set the expected hash value if d...

Page 73: ...SHA 256 By default this value will have 0s zeros If this is not changed or no value is entered this will instruct the Falcon to hash the drive using the selected algorithm in the previous step If a v...

Page 74: ...the drive When the Falcon finishes hashing the drive the following screen will appear showing the task completed Tap the Info icon on the left of the completed screen to see both the expected hash va...

Page 75: ...mation on the Case Info screen can be found in Section 5 0 3 1 Tap any of the boxes and an on screen keyboard will appear allowing information to be entered After entering the information tap the OK i...

Page 76: ...to use for wiping the drive The number of passes is customizable up to 7 passes along with the type of data written for each pass In addition a 7 pass DoD wipe can be set with pre selected pass value...

Page 77: ...s screen Secure Erase Wipe Patterns Format The Falcon will perform each of the settings sequentially For example if Secure Erase is set to ON a Wipe Pattern mode is specified and Format is set to On t...

Page 78: ...urity Erase Unit commands the enhanced command will be sent For questions on how each drive supports these features or what the drive will do with these commands please contact the drive manufacturer...

Page 79: ...the Wipe Mode screen showing 3 options NONE Choosing this will instruct the Falcon not to perform a wipe using Wipe Mode DOD Choosing this will instruct the Falcon to perform a 7 pass wipe conforming...

Page 80: ...n Mode selected If None was selected this is not selectable If DoD was selected all 7 passes will be pre filled Users can edit the pass values if desired by tapping the edit icon If Custom was selecte...

Page 81: ...ination drive for proper formatting prior to being used as a Destination or Repository for Imaging using Drive to File or File to File If it is not properly formatted Destination drive must be formatt...

Page 82: ...more information on encrypted Destination drives please see Chapter 8 Drive Encryption and Decryption 6 0 3 3 Case Info The Case Info setting allows users to enter some information about the case This...

Page 83: ...h The network Push feature gives users the ability to push evidence files from destination drives connected to the Falcon or from a Falcon repository to a network location or a Destination drive conne...

Page 84: ...cases to push then tap the OK button to continue If no cases are selected all cases found on the drive or repository will be pushed 6 0 4 2 Settings Optional Tap this icon to enter case info and to se...

Page 85: ...mber as seen in the next picture Each task or operation must be set up before setting up the macro For example to set up a Task Macro that will perform a wipe then image users must first set up both t...

Page 86: ...d will appear on the list To delete an operation tap the X to the right of the operation When finished tap the OK icon A summary of the macro will be seen To start the macro and have the Falcon perfor...

Page 87: ...t the Imaging task Select Drive to Drive as the Mode Select SAS_S1 as the Source Change the settings as needed Select SAS_D1 as the Destination Do not start this task 3 Choose Task Macro from the list...

Page 88: ...he Falcon In this mode all drives connected to the Falcon are write protected When this type of operating is selected the following screen will appear When using this type of operation use the USB Dev...

Page 89: ...letter to the selected drive The contents of the drive should now be accessible in Windows When finished tap the DISENGAGE icon to disengage the USB mode The USB cable can now be disconnected from the...

Page 90: ...FIXED DRIVE Will make it so that the connected computer s Operating System sees the connected drive as a fixed drive non removable REMOVABLE The connected computer s Operating System will see the conn...

Page 91: ...Drives connected to the Destination ports are not write protected The File Browser function only opens a file and does not modify the contents of the file The only change to the contents of the desti...

Page 92: ...ou to the top level of the drive B Up One Level Tap this icon to go up one level one folder directory C Path Displays the current path to the folder directory being viewed Falcon can open and preview...

Page 93: ...b interface navigate to File Browser 3 Select the drive to view 4 Navigate through the file browser and locate the file to download and open 5 From the File Browser screen right click on the file and...

Page 94: ...n s web interface see Section 6 0 7 1 for more information on viewing files from the web interface 6 0 8 Logs The Falcon keeps logs of all imaging hash wipe format and push operations Logs can be view...

Page 95: ...CTime The current UTC time Version The current software version BuildDate The build date of the software HostName The hostname that can be used when connecting to the Falcon via a network N W Interfac...

Page 96: ...m protocols iSCSI Internet Small Computer System Interface protocol Networks are configured differently and may require the assistance of a Network or Systems Administrator 6 0 10 1 Add Remove A list...

Page 97: ...me to set the name of the repository Tap the OK icon when finished Tap Drive to select a drive or network share to set as a repository Tap the OK icon when finished Tap Network Settings to enter the n...

Page 98: ...the at the end of the share name For example ip_or_hostname sharename Tap Role and input the role for this repository Tap OK when finished The repository will only appear as a Source when File to File...

Page 99: ...0 11 1 6 0 10 2 iSCSI This screen allows a user to add a repository using the iSCSI protocol To add a repository using the iSCSI protocol an iSCSI Target must be setup on the remote system Since netw...

Page 100: ...gure six different settings for the Falcon User Profiles Configurations Passwords Encryption Settings Language Time Zone Display Notifications 6 0 11 1 User Profiles Configurations This screen shows a...

Page 101: ...e saved When a profile configuration is loaded using the Load icon the Falcon will load that configuration during its boot process For example if the user wants the Falcon to always boot up with the d...

Page 102: ...the E01 2GB DB profile To delete a profile tap the delete icon A confirmation screen will appear Tap the Yes icon to delete the selected profile It is highly recommended that the Falcon is turned off...

Page 103: ...the correct key or password Different types of operations can still be started For example when the Falcon is locked and it is configured for Drive to File Imaging mode the user will be unable to chan...

Page 104: ...k can be started but no settings can be changed Additionally no new task can be added and no task can be deleted without the unlock key Wipe A wipe task can be started but no settings can be changed A...

Page 105: ...ction cannot be accessed without the unlock key Software Updates This entire section cannot be accessed without the unlock key Power Off This entire section cannot be accessed without the unlock key T...

Page 106: ...s the enter key This will show a list of databases or configurations saved The example below shows two databases the default initial db and Lock db The db that shows an asterisk before the name is the...

Page 107: ...e used These 4 parameters are necessary to decrypt and read the Destination drive properly Cipher Mode Users can choose between TC XTS CBC cbc plain64 or ECB cbc essiv sha256 cipher modes Cipher At th...

Page 108: ...is screen also allows the time zone to be set 6 0 11 4 1 Language Four languages are available at this time Select English Chinese Korean or Japanese to change the language displayed As soon as the se...

Page 109: ...brightness may need to be adjusted depending on the user s preference To adjust the brightness use the left or right arrow icons on the screen The screen s brightness will adjust accordingly The scree...

Page 110: ...Internet browser 6 0 11 6 Notifications To access the Notifications tab in the System Settings screen tap the right navigation arrow below the Forensic Falcon logo located on the top right of the scr...

Page 111: ...block Iperf traffic a network tool to measure bandwidth performance Ping Disabling this will block ping access to the Falcon Disabling any of the services above will disallow the types of communicatio...

Page 112: ...set the IP address or server name and port of the proxy server 6 0 12 2 2 Username Password If the proxy server requires a username and password for authentication tap the Username Password icon to se...

Page 113: ...http www logicube com knowledge forensic falcon In depth information on updating the Falcon software can be found in Chapter 9 Updating the Falcon Software 6 0 14 Power Off There are two tabs in the P...

Page 114: ...n how to make this utility work in our scenario For Ext2fsd support please visit their website above 7 0 1 Step by step instructions Using Ext2fsd 1 Download and install Ext2fsd from the website above...

Page 115: ...screen shot of the full Volume Manager window 4 Double click the drive Alternatively the drive can be highlighted then from the menu system go to Tools then Ext2 Volume Management The following scree...

Page 116: ...ess it is absolutely certain that the mounted drive needs to be over written or erased whether partially or fully 5 The following confirmation screen will appear Click OK to continue 6 Close the Ext2f...

Page 117: ...ty utilities can be used to decrypt a drive encrypted by the Falcon VeraCrypt TrueCrypt and FreeOTFE In the System Settings screen there is an Encryption Settings tab used to configure the Falcon for...

Page 118: ...ncryption Settings tab 3 Set the Cipher Mode Cipher IV Generation and Password 4 Select Wipe from the types of operation on the left side 5 Tap the Destination icon and select the Destination drive to...

Page 119: ...used the encryption settings and configuration can be saved as a profile so they do not have to be entered manually all the time 8 2 Decrypting a Falcon encrypted Destination drive with a Falcon Falco...

Page 120: ...the computer and the Falcon Connect the USB B connector to the Falcon s USB Device Port located on the back panel of the Falcon Connect the USB A connector to an available USB port on the computer Wh...

Page 121: ...http en kioskea net faq 3914 windows 7 disable signature verification of drivers There are other ways of installing unsigned drivers Several different ways can be found by searching the Internet for i...

Page 122: ...CRYPTION DECRYPTION Logicube Forensic Falcon User s Manual 113 1 Once the drive is connected to the computer Open VeraCrypt 2 Click Select Device and choose the partition of the connected drive then c...

Page 123: ...NCRYPTION DECRYPTION Logicube Forensic Falcon User s Manual 114 3 Click Mount 4 Type the encryption password in the Password field then click OK 5 The drive should now be mounted and assigned a drive...

Page 124: ...ts TrueCrypt properly installed A drive encrypted by the Falcon using the TC XTS cipher mode connected to the computer with TrueCrypt 1 Open TrueCrypt and select Volumes from the menu system then clic...

Page 125: ...password screen will appear Enter the password used to encrypt the drive then click OK to continue TrueCrypt has a setting to mount the drive as read only which is a software write block This setting...

Page 126: ...not installed the following messages may appear in Windows Make sure Ext2Fsd is installed if the Destination drive was formatted with the EXT4 file system 8 3 4 Decrypting using FreeOTFE Requirements...

Page 127: ...partition table on the drive since it is encrypted at this time 3 In the Key tab enter the Key password and make sure the Hash is set to RIPEMD 160 4 In the Encryption tab set the Cipher to AES 256 bi...

Page 128: ...or 1048576 bytes OPTIONAL In the Mount options tab the disk can also be mounted with write protection To do so make sure the Mount readonly option is checked Windows may not mount the drive if this op...

Page 129: ...e Forensic Falcon User s Manual 120 7 FreeOTFE will mount the drive and assign a drive letter 8 Click the OK button to continue The drive should appear in the FreeOTFE window 9 The Destination drive s...

Page 130: ...ternet traffic The most up to date instructions on updating the software can be found on the Falcon s support page at http www logicube com knowledge forensic falcon 9 1 1 From Network Via the web 1 C...

Page 131: ...ot be in any folder Do not connect the USB flash drive yet The Falcon will display a message when to connect the USB drive If the computer being used to extract the contents of the downloaded zip file...

Page 132: ...zip software it is highly recommended to use the built in utility in Windows If the downloaded zip file is highlighted and WinZip is installed there will be an option to Open with WinZip A computer wi...

Page 133: ...ABE Tap the Update icon A message will appear FIRMWARE UPDATE COULD TAKE UP TO A FEW MINUTES TO COMPLETE PLEASE DO NOT INTERRUPT POWER DURING THIS TIME ON COMPLETION THE UNIT WILL AUTO RESTART AND CON...

Page 134: ...rface that can be accessed one of two ways i Telnet via a network connection ii SSH Secure Shell via a network connection BROWSER COMPATIBILITY Google Chrome and Mozilla Firefox are recommended Other...

Page 135: ...lease contact the software manufacturer 10 3 Installing the Telnet client in Windows By default the Telnet Client is not installed with Windows but it can be installed it by following the steps below...

Page 136: ...to be downloaded and installed to connect via SSH For instructions and support on how to use third party SSH clients please contact the SSH client s manufacturer 1 Connect the Falcon to the network b...

Page 137: ...n can be configured with a static IP address and needs to be connected to a network with DHCP first 10 5 1 Step by step instructions Static IP address 1 Connect the Falcon to a network with DHCP 2 Tur...

Page 138: ...an be checked by going to the Statistics screen 10 6 Copying User Profiles Configurations from one Falcon to another User profiles can be copied from one Falcon to another using the Command Line Inter...

Page 139: ...the other Falcons 8 Type db push xxx xxx xxx xxx where xxx is the IP address of the Falcon that the profiles configurations will be copied to for example db push 192 168 1 101 then press the Enter key...

Page 140: ...tination drives viewed over a network are write protected 11 1 Viewing Source or Destination drives over the network using SMB Contents of a Source or Destination drive can be viewed over a network us...

Page 141: ...ng you to enter password to connect to the Falcon Enter the following information a User name it b Password it 4 A folder called bays will be shown in Windows Explorer 5 Go into the bays folder and se...

Page 142: ...xt sections will discuss configuring Microsoft s iSCSI initiator in Windows 11 2 1 Configuring the iSCSI initiator Windows 7 8 and 8 1 1 Open the iSCSI initiator In the Target tab enter the Falcon s h...

Page 143: ...atically assign a drive letter for each recognized partition and the contents can be viewed in Windows This process may take several minutes depending on several factors including drive size computer...

Page 144: ...s mSATA mini SATA drives can be connected using the adapter shown above This mSATA adapter has a standard SATA connector that can connect to the Falcon using the standard SATA cables included 12 2 eSA...

Page 145: ...ards The PCIe Adapter Kit includes A PCIe ExpressCard adapter M 2 to PCIe Adapter Mini PCIe to PCIe Adapter M 2 to SATA Adapter this adapter does not require the use of the express card adapter and ca...

Page 146: ...used 2 Connect the PCI Express Card Adapter F ADP PCI EXP to the PCIe port located in the back of the Falcon 3 Connect the SSD to the M 2 to PCIe Adapter F ADP M 2 PCIE 4 Connect the M 2 to PCIe Adapt...

Page 147: ...Falcon The following ports can be used SAS_S1 SAS_S2 SAS_D1 or SAS_D2 12 3 3 Mini PCIe mPCIe SSDs Mini PCIe mPCIe SSDs require the Mini PCIe to PCIe Adapter F ADP MINI PCIE and the PCI Express Card Ad...

Page 148: ...re the mSATA to SATA Adapter F ADP Z MSATA which connects directly to any of the SAS SATA cables supplied with the Falcon mSATA SSDs can be used as Source drives or Destination drives 1 Connect the SS...

Page 149: ...nication between the Adapter or USB 3 0 enclosure and the Falcon allowing the device to be detected properly For information on the USB 3 0 hub please see Section 12 5 12 5 USB 3 0 Hub Some USB 3 0 is...

Page 150: ...multi card readers are not supported and may not work with the Falcon The multi card reader supports the following formats CF CompactFlash SD SDXC MMC Micro SD Memory Stick MS Memory Stick Duo M2 X C...

Page 151: ...al adapters are available for use with 80 pin and 50 pin SCSI drives The Falcon SCSI module provides 1 SCSI write protected Source port and 1 SCSI Destination port It supports all of the Falcon featur...

Page 152: ...SCSI MODULE Logicube Forensic Falcon User s Manual 143...

Page 153: ...module Connecting the SCSI module to the Falcon can be performed in just a few steps 1 Turn the Falcon upside down and locate the expansion cover to the right of the sticker 2 Insert a small sturdy to...

Page 154: ...hile holding the Falcon with SCSI module together carefully turn the entire unit Falcon and SCSI module upside down Insert the two 2 5 screws on each front and back side and tighten the screws so the...

Page 155: ...n off or slow down after the initial start up sequence There are two ways of turning the Falcon off 1 Press and immediately release the top of the momentary on off switch in the back The Falcon will b...

Page 156: ...SCSI module and connect the other side of the cables to the SCSI drive 50 pin and 80 pin adapters are available Please contact Logicube Sales to purchase these adapters For 50 pin drives connect the 5...

Page 157: ...le The bootable flash drive allows the imaging of a Source drive from a computer on the same network without booting the native Operating System on the computer and can be imaged without having to rem...

Page 158: ...the Web Interface When the print icon is used on the web interface the browser s print dialog screen will appear This will allow printing to any configured printer on the computer as it is using the c...

Page 159: ...I type command then press the enter key 5 Type config then press the enter key 6 Type printer search then press the enter key This will instruct the Falcon to search for all local and networked printe...

Page 160: ...3600 The CLI should respond with Command DbPrinterConfig Successful 8 To save the printer configuration db save printer db or you can use any name db you prefer then press the enter key A Successful m...

Page 161: ...s follow these steps 1 Connect a USB keyboard one of the two USB ports in front of the Falcon then use the following key combinations Alt 2 then Alt Shift Enter 2 Once logicube prompt appears type the...

Page 162: ...the Graphical User Interface Alt 1 16 0 2 Changing only the logicube password For the username logicube 1 Connect a USB keyboard one of the two USB ports in front of the Falcon then use the following...

Page 163: ...2 then Alt Shift Enter 14 Once logicube prompt appears type the following commands one line at a time Press the Enter key after each command line sudo mount o remount rw sudo passwd it 15 The followin...

Page 164: ...to be wiped or formatted using the Falcon A For Drive to File mode the Falcon must be used to format Destination drives This helps ensure that the images and data are written properly to the Destinati...

Page 165: ...m a network destination A Yes The Falcon includes a gigabit network connection Users can designate a network share as a source or destination repository using CIFS Common Internet File System or iSCSI...

Page 166: ...up copy of the hard drive prior to entering a secure location Q If I am imaging to or from USB enclosures will the Falcon s USB ports power my devices or will an additional power source be required A...

Page 167: ...ettings Proxy settings 101 iSCSI 90 Language 99 Logs 28 85 M 2 136 Manage Repositories Network 86 Mirror Settings 48 network connection 125 Network Services Disabling 102 Network Settings 33 Optional...

Page 168: ...at 001 818 700 8488 7am 5pm PST M F excluding US legal holidays or by email to techsupport logicube com Software Attribution Ubuntu 12 04 LTS http www ubuntu com Linux Kernel 3 2 48 GPL v2 http www ke...

Reviews:

No comments

Related manuals for F-FALCON-SA

G-Technology G-DRIVE mobile USB User Manual preview
G-DRIVE mobile USB
Brand: G-Technology Pages: 13
IBM System Storage DS4000 Hardware Maintenance Manual preview
System Storage DS4000
Brand: IBM Pages: 184
LaCie Rugged Triple USB 3.0 Specifications preview
Rugged Triple USB 3.0
Brand: LaCie Pages: 2
LaCie Rugged Triple USB 3.0 Use Manual preview
Rugged Triple USB 3.0
Brand: LaCie Pages: 2
LaCie RUGGED MINI White Paper preview
RUGGED MINI
Brand: LaCie Pages: 5
LaCie RUGGED BOSS SSD User Manual preview
RUGGED BOSS SSD
Brand: LaCie Pages: 60
LaCie Minimus Specifications preview
Minimus
Brand: LaCie Pages: 2
LaCie Little Big Disk Quadra Datasheet preview
Little Big Disk Quadra
Brand: LaCie Pages: 4
LaCie Little Big Disk Quadra Quick Install Manual preview
Little Big Disk Quadra
Brand: LaCie Pages: 24
LaCie Biggest FW800 User Manual preview
Biggest FW800
Brand: LaCie Pages: 53
LaCie Biggest F800 User Manual preview
Biggest F800
Brand: LaCie Pages: 59
LaCie 5BIG THUNDERBOLT 2 User Manual preview
5BIG THUNDERBOLT 2
Brand: LaCie Pages: 54
LaCie Starck Desktop Hard Drive Datasheet preview
Starck Desktop Hard Drive
Brand: LaCie Pages: 2
LaCie 301527 Quick Install Manual preview
301527
Brand: LaCie Pages: 24
LaCie 301490 User Manual preview
301490
Brand: LaCie Pages: 52
LaCie Rugged Hard Disk Specifications preview
Rugged Hard Disk
Brand: LaCie Pages: 2
LaCie Network Space MAX Datasheet preview
Network Space MAX
Brand: LaCie Pages: 2
LaCie Rugged Hard Disk Features & Specifications preview
Rugged Hard Disk
Brand: LaCie Pages: 2

Brands by name

Popular brands

Load more brands