Logicube Talon® Ultimate User’s Manual

Logicube, Inc.

Chatsworth, CA 91311

USA

Phone: 818 700 8488

Fax: 818 700 8466

Version: 1.1

Date: 05/09/16

MAN-TALON_ULTIMATE

Summary of Contents for TALON ULTIMATE

Page 2: ...LEMS CAN CAUSE LOSS OF DATA DEFECTIVE FORMATTING OR DATA LOADING LOGICUBE WILL MAKE EFFORTS TO SOLVE OR REPAIR ANY PROBLEMS IDENTIFIED BY CUSTOMER EITHER UNDER WARRANTY OR ON A TIME AND MATERIALS BASIS Warranty DISCLAIMER IMPORTANT PLEASE READ THE TERMS OF THIS AGREEMENT CAREFULLY BY INSTALLING OR USING LOGICUBE PRODUCTS YOU AGREE TO BE BOUND BY THIS AGREEMENT IN NO EVENT WILL LOGICUBE BE LIABLE W...

Page 3: ...TIVE PRODUCTS. IF A PRODUCT HAS BECOME OBSOLETE OR IS NO LONGER SUPPORTED BY LOGICUBE, THE PRODUCT MAY BE REPLACED WITH AN EQUIVALENT OR SUCCESSOR PRODUCT AT LOGICUBE'S DISCRETION. THIS WARRANTY EXTENDS ONLY TO THE END PURCHASER OF LOGICUBE PRODUCTS. THIS WARRANTY DOES NOT APPLY TO, AND IS NOT FOR THE BENEFIT OF, RESELLERS OR DISTRIBUTORS OF LOGICUBE PRODUCTS UNLESS OTHERWISE AGREED IN WRITING BY LOG...

Page 4: ...ELECTRONIC EQUIPMENT CONTAINING SOME HAZARDOUS SUBSTANCES SUCH AS MERCURY, LEAD, CADMIUM, HEXAVALENT CHROMIUM AND CERTAIN FLAME RETARDANTS. IN THE EUROPEAN UNION, THIS DIRECTIVE APPLIES TO ELECTRONIC PRODUCTS PLACED ON THE EU MARKET AFTER JULY 1, 2006. Logicube Technical Support Contact Information: 1. By website: www.logicube.com 2. By email: techsupport@logicube.com 3. By telephone: 1 818 700 8488 ext. 3 betwe...

Page 5: ...THE TALON ULTIMATE 5 2 1 TURNING THE TALON ULTIMATE ON AND OFF 8 2 2 CONNECTING VARIOUS DRIVE TYPES 8 2 2 1 Connecting Source Drives 8 2 2 2 Connecting Destination Drives 10 2 2 3 Connecting USB 3 0 Drives 11 2 2 4 Using USB FireWire eSATA enclosures 11 2 2 5 Connecting SATA Drives using a USB to SATA adapter 11 2 3 THE USER INTERFACE 12 2 4 TOUCH SCREEN 13 2 5 HDMI 13 3 QUICK START 14 3 0 QUICK S...

Page 6: ...or Handling Common Setting 35 4 0 3 4 Hash Verification Method Common Setting 36 4 0 3 5 Special Settings 37 4 0 3 5 1 Special Settings for Drive to Drive 37 4 0 3 5 2 Special Settings for Drive to File 40 4 0 4 Destination 43 4 1 STARTING THE IMAGING OPERATION 44 6 TYPES OF OPERATIONS 46 5 0 TYPES OF OPERATIONS INTRODUCTION 46 5 0 1 Imaging 47 5 0 2 Hash Verify 48 5 0 2 1 Mode 48 5 0 2 2 Drives 4...

Page 7: ...ep by step Instructions 83 7 1 2 Using previously encrypted Destination drives 84 7 2 DECRYPTING A TALON ULTIMATE ENCRYPTED DESTINATION DRIVE WITH A TALON ULTIMATE 84 7 2 1 Step by step Instructions 85 7 3 DECRYPTING THE DRIVE WITHOUT A TALON ULTIMATE 86 7 3 1 Which decryption software to use 87 7 3 2 Decrypting using VeraCrypt 87 7 3 3 Decrypting using TrueCrypt 90 7 3 4 Decrypting using FreeOTFE...

Page 8: ...r Profiles Configurations 107 10 PRINTING LOG FILES 108 10 0 PRINTING LOG FILES INTRODUCTION 108 10 1 PRINTING FROM THE WEB INTERFACE 108 10 2 CONFIGURING A LOCAL OR NETWORKED PRINTER 108 10 2 1 Step by step Configuring a local or networked printer 109 11 VIEWING EXT4 FORMATTED DESTINATION DRIVES IN WINDOWS 111 11 0 VIEWING EXT4 FORMATTED DESTINATION DRIVES INTRODUCTION 111 11 0 1 Step by step ins...

Page 9: ...sed copy. E01 features user-selectable compression levels. The Talon Ultimate provides SHA1, SHA256 or MD5 authentication and dual hash (MD5/SHA1). Source ports: Write-protected source ports include 1 SATA/SAS optional, 1 USB 3.0, 1 FireWire optional. SAS and FireWire support is enabled via a software option, no additional modules required. USB ports can be used for SATA drives using an optional USB to SATA a...

Page 10: ...IDE drives are supported with an adapter included with Talon Ultimate. 1.8" IDE, 1.8" ZIF, mSATA, microSATA, eSATA and flash drives are supported with optional adapters. Secure sensitive evidence data with whole-drive AES 256-bit encryption. Decryption can be performed using the Talon Ultimate or by using open-source software programs such as VeraCrypt, TrueCrypt or FreeOTFE. Users can image from a Mac syste...

Page 11: ...SATA to SATA cable; mSATA to SATA adapter; flash media reader; 18" extended-length SAS/SATA cable set; extended 1-year and 2-year warranties; soft-sided carrying bag; hard case (Pelican type). 1.4 Specifications. WARNINGS: Never connect a suspect drive to the Destination ports, as data may be overwritten. Incorrectly connecting the suspect drive to the system can result in data on the suspect drive being lost f...

Page 13: ...2.0 Overview of the Talon Ultimate. Special Icons: Throughout this manual, there are two icons that can be seen. Please pay close attention when either of these two icons is found. These icons highlight additional information or important warnings on specific topics. ...

Page 16: ...ll begin its shut down process and, after a few seconds, the display and fans will turn off. 2. Using the Graphical User Interface (GUI), either on the touch screen or via a browser through a remote connection, navigate to the Power Off screen and tap or click the Power Off icon. 2.2 Connecting various drive types: Cables and adapters are available for the following drive types: SAS (optional), SATA, USB, 2.5" and...

Page 17: ...time. Some drives are not hot-swappable. Please check with the drive manufacturer to find out if the drive being used does not support hot swapping. Source drives do not have to be connected in any order. For example, a single SATA Source drive does not have to be connected to the SAS/SATA S1 port. It can be connected to the SAS/SATA S2 port without having anything connected to the S1 port. Never connect...

Page 18: ...SAS Source Option2 to activate support for SAS drives on both source and destination ports FW D1 Requires purchase of the FireWire Source Destination option to activate this port Destination drives do not have to be connected in order For example a single SATA Destination drive does not have to be connected to the SAS SATA D1 port It can be connected to the SAS SATA D2 port without having anything...

Page 19: ...Talon Ultimate, allowing the device to be detected properly. We have identified and qualified a USB 3.0 hub, which is available as an option. For more information on the USB 3.0 hub, please see Section 12.5. 2.2.4 Using USB/FireWire/eSATA enclosures: When using USB, FireWire and/or eSATA enclosures, it is highly recommended to leave the drive inside the enclosure. USB enclosures typically have an on-board c...

Page 20: ...0 hub please see Section 12 5 2 3 The user interface The user interface UI has been designed to quickly and easily input commands It is simple and intuitive showing common icons such as tasks modes of operation and scroll icons on the screen The UI is designed to be easily followed going from left to right across the screen A Operations Tasks currently running displays up to 5 total tasks B Lock i...

Page 21: ...located in the back panel Simply connect an HDMI cable from the Talon Ultimate to an external display that supports HDMI and Talon Ultimate will automatically show the display on both the Talon Ultimate and the external display To change the display resolution on the external display 1 Connect a wired USB keyboard to one of the front USB host ports 2 Press ALT R An on screen display should appear ...

Page 22: ...ded to change the passwords for built-in accounts. Instructions on how to change the passwords to the two built-in accounts can be found in Chapter 6. 3.1 Imaging: This type of operation allows the imaging of a Source drive to one or more Destinations. There are two (2) different imaging modes and several settings to choose from. These selections should be performed in order from left to right. Drive to D...

Page 23: ...ltimate uses a concurrent Image/Verify process. When Verify is set, the Talon Ultimate images and verifies concurrently and takes advantage of destination hard drives that may be faster than the source hard drive. Duration of total image process time may be reduced by up to half. The Talon Ultimate imaging, hash and wipe speeds are determined by several factors, including the following: The manufacturer ...

Page 24: ...he Case Info screen by entering a Case File name. See Section 4.0.3.1 for more information. The Talon Ultimate will convert any non-POSIX portable characters used in Case File Name field to underscores (_) when creating the log or file names. POSIX portable characters are: uppercase A to Z, period (.), lowercase a to z, underscore (_), numbers 0 to 9, hyphen/dash (-). 5. Tap the Destination icon and select the destinati...

Page 25: ...r is not the actual size of the drive. This is the actual data being processed. When Verify is set to Yes, the reported number will double in size. 3.1.1.1 Blank Disk Check: The Talon Enhanced has the ability to check a drive to see if it is blank or wiped. To perform a blank disk check: 1. Connect a drive to the Talon Ultimate. 2. Choose Imaging, Hash, or Wipe/Format. 3. Choose Source, Destination, or Drives to ...

Page 26: ... space on the Destination drive, the following prompt will appear, warning that there might not be sufficient space on the Destination drive. When the Destination drive is full and the remaining data to be imaged will not fit, Talon Ultimate will prompt for another drive. When the screen above appears, tap the OK icon and the Select Repository screen will appear. The Destination drive that is full can be discon...

Page 27: ...task will instruct the Talon Ultimate to calculate the hash for the specified drive or validate the hash value for that drive. There are two modes available. DRIVE HASH: This mode will hash any connected drive on an active Source or Destination port. This mode is Logical Block Address (LBA) based and will hash drives based on the number of LBAs. If multiple drives are selected to be hashed, the Talon Ulti...

Page 28: ...ap Case Info to set the Case File Name, Case ID, Examiner, Evidence ID or Case Notes. The Talon Ultimate will convert any non-POSIX portable characters used in Case File Name field to underscores (_) when creating the log or file names. POSIX portable characters are: uppercase A to Z, period (.), lowercase a to z, underscore (_), numbers 0 to 9, hyphen/dash (-). 6. Tap the Start icon to start the hash task. 7. When finished...

Page 29: ...e supports Secure Erase. Wipe Patterns: Allows the user to set a specific pattern to use for wiping the drive. The number of passes is customizable (up to 7 passes) along with the type of data written for each pass. In addition, a 7-pass DoD wipe can be set with pre-selected pass values. It is recommended to use the same capacity drive per task. When smaller-capacity drives are wiped together with larger c...

Page 30: ...re task is finished. 3. Tap the Settings icon and choose the type of wipe to be performed (Secure Erase and/or Wipe Patterns). If Wipe Patterns is selected, choose the type of Wipe Pattern to perform (DoD or Custom). 4. If the drive has an HPA or DCO area that needs to be wiped, tap the HPA/DCO icon and select Yes to wipe the HPA/DCO area of the drive. 5. Tap the Passes icon to edit the number of passes and wh...

Page 31: ...on the Destination drive. 7. (Optional) Tap Case Info to set the Case File Name, Case ID, Examiner, Evidence ID or Case Notes. The Talon Ultimate will convert any non-POSIX portable characters used in Case File Name field to underscores (_) when creating the log or file names. POSIX portable characters are: uppercase A to Z, period (.), lowercase a to z, underscore (_), numbers 0 to 9, hyphen/dash (-). 8. Tap the Start icon t...

Page 32: ...re are several utilities that allow viewing of the EXT4 file system in Windows. Logicube has tested and recommends Ext2Fsd (http://www.ext2fsd.com), which is a utility driver that allows EXT partitions to be viewable in Windows. For detailed instructions on Ext2Fsd, please see Chapter 11. NTFS is natively supported by Windows. 3.4.1 Step-by-step instructions (USB Device): 1. Select USB Device from the types of ...

Page 33: ... showing no changes were actually made. 3.5 Logs: The Talon Ultimate keeps logs of all imaging, hash, and wipe or format operations. Logs can be viewed directly on the Talon Ultimate or from a computer's browser if the Talon Ultimate is connected to a network. In addition to viewing, the logs can be exported to an external USB location such as a USB flash drive. Logs are exported in PDF, HTML and XML forma...

Page 34: ... log files will appear sorted by date (newest on top). 2. Select the log file to view by tapping the name of the log file. This will highlight the log file chosen. 3. Tap the View icon to view the log file on screen. The log files can also be exported to a USB drive. To export the log files: a. Connect a USB drive (USB flash drive or USB external drive) to one of the two USB ports located on the front of the T...

Page 35: ...e printed to an available printer configured on the computer. 3.5.2 Deleting log files: Log files can be deleted one at a time or all at once. To delete a single log file, tap the log file to highlight the log file to be deleted. Tap the Delete icon to delete the selected log file. To delete all the log files, tap the Delete All icon. A log file deletion password can be set to add a layer of security w...

Page 36: ...g files can also be accessed through a network on a computer if the Talon Ultimate is connected on the same network. 1. Open Windows Explorer or a similar window and browse to the hostname or the IP address found in the Statistics screen. See Section 5.0.6 for more information on the Statistics screen. 2. A Windows security screen will appear, prompting to enter a User name and Password to connect to th...

Page 37: ...This screen will show information about the Talon Ultimate, including the current software installed. Adv Drive Statistics: Displays S.M.A.R.T. information taken directly from what the drive is reporting. Options: Displays which optional software is available and what is installed. Network Interface Stats: Displays the Network Interface statistics (Receive and Transfer bytes, packets, drops and errors) and th...

Page 38: ...he Talon Ultimate to connect to the Internet. This typically includes a server or IP address, a host port, a username and password. For detailed information on the Network Settings screen, see Section 5.0.8 of this manual. 3.9 Software Updates: New and improved software will be released from time to time. There are two ways to update the software on the Talon Ultimate: From the web via a network connection...

Page 39: ...maging modes and several settings to choose from. These selections should be performed in order from left to right. There are four selections when performing an image: Mode, Drives, Settings, Destination. 4.0.1 Mode: Tap this icon to choose between the following three imaging modes. Drive to Drive: Performs a bit-for-bit copy of the Source, producing an exact duplicate of the Source drive. ...

Page 40: ... Drives: Tap this icon to select the Source drive to be imaged. Talon Ultimate will list all the drives connected to the Source position(s). The More Info icon displays more information on the drive. The drive details window will appear, showing information about the drive. 4.0.3 Settings: Tap the Settings icon to change the image settings. Depending on what Mode was selected (Drive to Drive or Drive to Fil...

Page 41: ... when using Drive to Drive mode. 4.0.3.1 Case Info (Common Setting): Case Info allows users to enter information about the case. This is optional and is not required to start an imaging operation. Information entered here will appear in the logs. In addition, some forensic analysis software can import the information when the image files are opened. Tap any of the boxes and an on-screen keyboard will appea...

Page 42: ...in Case File Name field to underscores (_) when creating the log or file names. POSIX portable characters are: uppercase A to Z, period (.), lowercase a to z, underscore (_), numbers 0 to 9, hyphen/dash (-). 4.0.3.2 HPA/DCO (Common Setting) and Drive Trim: Some computer manufacturers will use a utility that creates an HPA or DCO configuration on a hard drive. These are designed to change drive characteristics such as dri...

Page 43: ... Trim, please see section 6.0.3.5.1 Special Settings for Drive to Drive. 4.0.3.3 Error Handling (Common Setting): When bad sectors are encountered on the Source drive, Talon Ultimate can either skip the bad sectors or abort the imaging operation. This allows flexibility on what to do when bad sectors are found on the Source drive. When bad sectors are encountered and error handling is set to Skip, Talon Ul...

Page 44: ...ins a bad sector, the Talon Ultimate will skip the entire cluster (or 4096 bytes, or 8 sectors). 4.0.3.4 Hash/Verification Method (Common Setting): This setting allows the user to set a hash and/or a verification method. Hash Method: Will hash the Source drive with the selected method. There are different hash algorithms available depending on which Imaging mode is selected. None: No hash of the Source will be...

Page 45: ... mode is selected, Mirror Settings will appear on the top right of the Settings screen. DRIVE TRIM: This user-selectable function allows the Talon Ultimate to manipulate the Device Configuration Overlay (DCO) and Host Protected Area (HPA) of the destination drive, using the Device Configuration Set command for DCO and Set Max Address command for HPA, so that the Destination drive's total native capacity ma...

Page 46: ...Trim is only available in Drive to Drive mode and by default is set to NO. Drive Trim only works with ATA drives and will not work with USB external drives or drives connected via USB, SAS or SCSI drives. Restoring a trimmed drive: To restore a trimmed drive to its original capacity, perform a custom wipe (single pass) and set the WIPE DCO and WIPE HPA settings to YES. ...

Page 47: ...t Secure Erase to OFF. Set Wipe Patterns to: Mode: Custom; HPA/DCO: YES (TRUE); LBAS: Edit to 1 LBA; PASSES: Edit the number of passes to any value for 1 pass. To set the LBA to 1, go to LBAS, then tap the edit icon and enter the value 1. Start the wipe task. The task should finish quickly, as it is resetting (just wiping) the HPA/DCO and 1 LBA. ...

Page 48: ...typically set to 0 or the beginning of the Source/Master. Target Start: Set the percentage or number of blocks from the start of the Destination/Target. For forensic purposes, this is typically set to 0 or the beginning of the Destination/Target. Alternatively, the specific number of blocks can be set for each of the options by tapping the edit icon. 4.0.3.5.2 Special Settings for Drive to File: When Driv...

Page 49: ...es methods can be selected: DD: Uncompressed raw image files readable by many forensic programs. E01: Compressed or uncompressed EnCase legacy evidence file format. EX01: Compressed or uncompressed EnCase evidence file format. SEGMENT SIZE (available for DD, E01 and EX01): Allows the user to set the output segment size (file size). Choose from 2 GB, 4 GB, 8 GB or 16 GB. A Whole Disk option is available for DD only...

Page 50: ...and EX01 only. Sets the compression level for E01 or EX01 imaging. When selecting Compression, the following screen will appear. Use the slider bar to adjust the desired compression level. The higher the compression level, the longer it will take to image the Source drive. The Default compression setting is recommended when compression is used. ...

Page 51: ...en Drive to File mode is selected, the Destination screen will show all drives connected to the Destination positions and will show how many image files are found on each drive, the free space, and the formatted file system. For DD, E01, Ex01 and File to File mode, the Talon Ultimate uses the EXT4 file system or NT file system (NTFS) to format drives. If the Destination drive is not formatted properly, the L...

Page 52: ...Details on encryption can be found in Chapter 8 of the Talon Ultimate User's Manual. For details on formatting a drive, see Section 5.0.3.2.3. Formatting the drive may take up to two minutes. Tap the OK icon to continue. For in-depth information regarding drive encryption, please see Chapter 8: Drive Encryption and Decryption. 4.1 Starting the Imaging Operation: Once all the settings and options have been ...

Page 53: ...e configured. The number of bytes shown on the progress bar is not the actual size of the drive. This is the actual data being processed. When Verify is set to Yes, the reported number will double in size. Talon Ultimate can automatically span to two or more Destination drives when using Drive to File mode (DD, E01, EX01). When the Destination drive is full and the remaining data to be imaged will not fit, T...

Page 54: ...rms a bit-for-bit copy of the Source, producing an exact duplicate of the Source drive. b. Drive to File: Images the Source to any of the following image output formats: DD, E01, EX01 or File. Compression is available for E01 and EX01 formats. Details on the different screens found in the Imaging operation can be found in Chapter 4: Imaging. 2. HASH/VERIFY: Perform a SHA1, SHA-256 or MD5 hash of a drive or veri...

Page 55: ...the system settings on the Talon Ultimate, which include the following: User profiles/configurations: Allows the user to create, save, apply or delete user profiles/configurations. Passwords: Allows the user to set a password to lock the Talon Ultimate from any configuration changes. Encryption Settings: Sets the cipher mode (VCRYPT, TC XTS, CBC or ECB), Cipher, IV Generation and the encryption password. Language...

Page 56: ... type of operation allows the hashing of any connected drive using one of the following algorithms: SHA-1, SHA-256, MD5, and SHA-1 + MD5. Case/Image files created by the Talon Ultimate can also be verified. There are four selections when performing a Hash or Verify: Mode, Drives, Settings, and Case Info. 5.0.2.1 Mode: Tap this icon to choose the mode. Drive Hash will hash a drive based on Logical Block ...

Page 57: ...e is selected, all connected drives will be shown. When Verify mode is selected, only Destination drives with cases/images created by the Talon Enhanced will be shown. 5.0.2.2 Settings: Tap this icon to choose a drive to adjust the hash or verify settings. 5.0.2.2.1 Drive Hash Settings: If Drive Hash mode was chosen, the Hash Settings screen will appear. Tap this icon to set the hash method: SHA-1, SHA-256 o...

Page 58: ...to start one task per drive. Select one of the following hash methods. SHA-1: Select this to hash or verify the Target drives using the SHA-1 algorithm. SHA-256: Select this to hash or verify the Target drives using the SHA-256 algorithm. MD5: Select this to verify the Target drives using the MD5 algorithm. The recommended method is SHA-1 or SHA-256. By default, this value will have 0s (zeros). If this is not ...

Page 59: ...en. On this screen, the user can adjust the percentage or the number of blocks of the drive to hash, and also where to start the hash. By default, the length is set to 100% (whole drive) and the starting percentage is set to 0% (start of the drive). When the Talon Ultimate finishes hashing the drive, the following screen will appear, showing the task completed. Tap the Info icon on the left of the completed scre...

Page 60: ...s screen will appear. Tap this icon to set which hash to verify: Primary or Both. 5.0.2.3 Case Info: The Case Info setting allows users to enter some information about the case. This is optional and is not required to start a Hash or Verify operation. Information entered here will appear in the logs. More information on the Case Info screen can be found in Section 4.0.3.1. ...

Page 61: ...ipe/Format: This type of operation allows the user to erase, wipe and/or format one or more Destination drives. There are three main settings: Secure Erase, Wipe Mode, and Format. Secure Erase: Sends a command to the drive instructing it to perform a secure erase based on the drive manufacturer's specifications for the secure erase command. Wipe Patterns: Allows the user to set a specific pattern to use for...

Page 62: ... 1 Destination: Tap this icon to choose a drive to erase, wipe and/or format. A screen will appear allowing the selection of one or more destinations. Tap the drive(s) to be erased, wiped and/or formatted, then tap OK. 5.0.3.2 Settings: Tap this icon to choose a drive to set the wipe settings. The Wipe Settings screen will appear. There are three sections in the Settings screen: Secure Erase, Wipe Patterns and...

Page 63: ...e Erase the selected Destination drive(s). Most drives support this function. Secure Erase will send a command to the drive instructing it to reset itself to the specifications the drive manufacturer has set. For SAS (Serial Attached SCSI) drives, Secure Erase sends a Format command. For SATA (Serial ATA) drives, Secure Erase sends a Security Erase Unit command. For SATA drives that support Enhanced Security ...

Page 64: ...terns to use for wiping the drive. The number of passes is customizable (up to 7 passes) along with the type of data written for each pass. In addition, a 7-pass DoD wipe can be set with pre-selected pass values. There are 4 selections when setting a wipe pattern: Mode, HPA/DCO, LBAS, PASSES. It is recommended to use the same capacity drive per task. When smaller-capacity drives are wiped together with larger...

Page 65: ...en the HPA/DCO option for wiping. If the drive to be wiped has HPA and/or DCO that needs to be wiped, select Yes for the corresponding option. By default, this is set to 100%, which will wipe all Logical Block Addresses (LBAs) and will wipe the entire drive (100%). This Wipe Setting will change depending on the Wipe Pattern Mode selected. If None was selected, this is not selectable. If DoD was selected, the firs...

Page 66: ...y tapping the edit icon. Passes screen when DOD is selected: The Talon Ultimate automatically enters default values for pass numbers 1 through 6. It is mandatory that the user enters a value for the 7th pass or the Talon Ultimate will not proceed with the wipe operation. Values can be changed or added by tapping the edit icon. Passes screen when Custom is selected ...

Page 67: ...structs the Talon Ultimate to skip the pass. RANDOM: Instructs the Talon Ultimate to perform one random value on all Logical Block Addresses (LBAs)/sectors. RANDOM BUFFER: Instructs the Talon Ultimate to create a buffer of several random patterns on all LBAs/sectors. VALUE: Instructs the Talon Ultimate to use the specified hex value to be written for the pass. The values can range anywhere from 00 to FF. 5 ...

Page 68: ...e to format the drive with or without encryption. Three settings are available. Format: When set to ON, the Talon Ultimate will format the Destination drive with or without encryption. The drive will be formatted with the EXT4 file system or NT file system (NTFS), depending on which file system is chosen. When set to OFF, the Talon Ultimate will not format or encrypt the selected drive. File System: Select EX...

Page 69: ...pe operation. Information entered here will appear in the logs. More information on the Case Info screen can be found in Section 4.0.3.1. Tap any of the boxes and an on-screen keyboard will appear, allowing information to be entered. After entering the information, tap the OK icon to go back to the previous screen. The Talon Ultimate will convert any non-POSIX portable characters used in Case File Name f...

Page 70: ...the Talon Ultimate are write-protected. This mode of operation is only available with the activation of the optional USB 3.0 Device Port Option, which enables the front micro-B USB 3 port. When this type of operation is selected, the following screen will appear. Choose the drive to view, then tap the ENGAGE icon. The DRIVE STATUS for the selected drive will change to ENGAGED and the ENGAGE icon will cha...

Page 71: ...connected from the computer and the Talon Ultimate. Only one drive can be engaged at a time. If the drive is not mounting properly, go to the Settings tab and change each setting one at a time, then disengage and re-engage the drive. 5.0.5 Logs: The Talon Ultimate keeps logs of all imaging, hash, wipe/format and push operations. Logs can be viewed directly on the Talon Ultimate or from a computer's browser...

Page 72: ...ctions depending on what settings and options were chosen during the operation, including: Information on the Talon Ultimate and its settings; Case info (if entered); Source and Destination hashes. See Section 3.51 for instructions on how to export the log files. See Section 3.5.2 for instructions on how to delete the log files. See Section 3.5.3 for instructions on how to access the logs over a network...

Page 73: ...n Ultimate, including the current software installed. Adv Drive Statistics: This shows S.M.A.R.T. (Self-Monitoring, Analysis and Reporting Technology) information taken directly from what the drive is reporting. Navigate between drives by using the left and right scroll arrows. The up and down scroll arrows scroll through the different information. The information shown is the raw value tracked by the drive...

Page 74: ...ork Interface Stats: Displays the Network Interface statistics (Receive and Transfer bytes, packets, drops and errors) and the link status. 5.0.7 System Settings: The System Settings screen allows users to configure five different settings for the Talon Ultimate: User Profiles/Configurations, Passwords, Encryption Settings, Language/Time Zone, Display. ...

Page 75: ...onfigurations can also be backed up to a USB flash drive and restored if needed. More information, including detailed step-by-step instructions, can be found in Section 9.6. Profiles/configurations allow users to create different profiles or configurations. The profile/configuration can then be saved. When a profile/configuration is loaded using the Load icon, the Talon Ultimate will load that configurat...

Page 76: ...on screen will appear. 7. Tap the Yes icon to save the profile. 8. Make sure the profile to be loaded during the boot process is highlighted (in this case, E01 2GB DB) and tap the Load icon. A confirmation screen will appear. 9. The profile is now loaded. Also, the next time the Talon Ultimate is turned on, it will load the E01 2GB DB profile. To delete a profile, tap the delete icon. A confirmation screen will a...

Page 77: ...Talon Ultimate will prompt for the password before any log files can be deleted. Config Lock: The Talon Ultimate can be configured to lock out any configuration changes. When this is enabled, changes to the different types of operations cannot be made without entering the correct key or password. Different types of operations can still be started. For example, when the Talon Ultimate is locked and it is ...

Page 78: ...follows. Imaging: An imaging task can be started, but no settings can be changed. Additionally, no new task can be added and no task can be deleted without the unlock key. Hash: A hash task can be started, but no settings can be changed. Additionally, no new task can be added and no task can be deleted without the unlock key. Wipe: A wipe task can be started, but no settings can be changed. Additionally, no new ...

Page 79: ...ofile/configuration. The Talon Ultimate can still be turned off without the unlock key by using the power button located on the top of the Talon Ultimate. Remember the Config Lock Key. If the Talon Ultimate is configured to load with the Config Lock set/enabled, the only way to delete the Config Lock is to reset the Talon Ultimate using the Command Line Interface (CLI). 5.0.7.2.2 Forgotten password or co...

Page 80: ...loaded each time the Talon Ultimate is turned on. 5. Type db load initial db then press the Enter key to load the default database. There should be a response showing: Command DbManagement Successful. 6. Type db list again and there should be an asterisk on initial db. 7. Turn the Talon Ultimate off using the power switch located in the back of the device and close the Telnet/SSH application. 8. Wait for th...

Page 81: ...t this time, only the AES 256 cipher is supported. IV Generation: Unavailable when VCRYPT or TC XTS cipher mode is selected. If CBC or ECB cipher mode is selected, users can choose between PLAIN64 and ESSIV SHA256. Encryption Password or Key: Users must choose their own encryption password/key. There are 2 imaging modes in which encryption can be used. Drive to File: Images the Source to any of the followin...

Page 82: ...nge the language displayed. As soon as the selection is made, the Talon Ultimate's screen or the computer's Internet browser will automatically refresh and display the selected language. The Custom button is reserved for future language releases. 5.0.7.4.2 Time Zone: The Talon Ultimate utilizes NTP (Network Time Protocol). Each time the Talon Ultimate is connected to a network with internet access, it will...

Page 83: ...Display Brightness The Talon Ultimate s screen s brightness may need to be adjusted depending on the user s preference To adjust the brightness use the left or right arrow icons on the screen The screen s brightness will adjust accordingly The screen brightness cannot be saved and loaded as a user profile configuration Each time the Talon Ultimate boots the brightness will be reset to 80 ...

Page 84: ...he screen. Stealth mode will not have any effect when using the Graphical User Interface through a computer's Internet browser. 5.0.8 Network Settings: The Network settings screen allows certain services to be enabled or disabled in the Services tab. There is also an HTTP Proxy tab where proxy server information can be entered. 5.0.8.1 Services: There are 6 services that can be disabled enabled by defau...

Page 85: ... For example, if HTTP is disabled, users will not be able to see the Talon Ultimate through a web browser over the network. Please contact your Network or Systems Administrator before changing any of these services. 5.0.8.2 HTTP Proxy: If the network the Talon Ultimate is connected to uses an HTTP proxy server to access the Internet, proxy settings may need to be set in order for the Talon Ultimate to...

Page 86: ... to update the software on the Talon Ultimate From the web via a network connection or from a USB drive For the latest step by step instructions on how to update the Talon Ultimate software please read the Talon Ultimate Software readme file located on the Talon Ultimate Support page on the Logicube website at http www logicube com In depth information on updating the Talon Ultimate software can b...

Page 87: ...The Talon Ultimate can be remotely turned off by going to this tab Additionally the Graphical User Interface GUI can be refreshed DRIVE POWER Inactive drives connected to the Talon Ultimate can be set to go to standby mode in this tab The default is set to 0 minutes OFF ...

Page 88: ... user logicube and the password logicube. Alternatively, you can connect a USB keyboard to one of the two USB ports in front of the Talon Ultimate, then use the following key combinations: Alt 2 then Alt Shift Enter. 2. Once logged in and/or the logicube prompt appears, type the following commands one line at a time. Press the Enter key after each command line: sudo mount o remount rw passwd 3. The following p...

Page 89: ...these passwords, you will need to telnet or SSH to the Talon Ultimate (see sections 9.3.1 and 9.3.2 for instructions on how to connect via Telnet or SSH). 1. Log in with the username it and the default password it. The Command Line Interface (CLI) should appear. 2. Type the following commands one line at a time. Press the Enter key after each command line: command config user set n it p xxxxx g itgrp xxxxx wou...

Page 90: ... the Encryption Settings page on the Talon Ultimate. Cipher Mode: Users can choose between TC XTS, CBC, ECB, or VCRYPT cipher modes. CBC or ECB cipher modes can be decrypted using the Talon Ultimate or FreeOTFE. TC XTS cipher mode can be decrypted using the Talon Ultimate or TrueCrypt. VCRYPT cipher mode can be decrypted using the Talon Ultimate or VeraCrypt. The Talon Ultimate encrypts drives using AES 25...

Page 91: ...and select the Destination drive to be formatted and encrypted 6 Tap the Settings icon If the Destination needs to be wiped choose the type of wipe to be performed Secure Erase and or Wipe Patterns If Wipe Patterns is selected choose the type of Wipe Pattern to perform DoD or Custom If the drive has an HPA or DCO area that needs to be wiped tap the HPA DCO icon and select Yes to wipe the HPA or DC...

Page 92: ...eviously encrypted Destination drive is not connected. 2. From the main menu, select System Settings from the types of operations on the left side. 3. Tap the Encryption Settings tab. 4. Set the Cipher Mode, Cipher, IV Generation, and Password that was used for the previously encrypted Destination drive. 5. Connect the previously encrypted Destination drive to one of the Destination ports. If the same encrypti...

Page 93: ...de, Cipher, IV Generation, and Password. These should be set to the same values that were used when the drive was encrypted. If the values are incorrect, the drive will not be decrypted properly and the data will be unrecognizable. 5. Connect the previously encrypted Destination drive to one of the Destination ports. 6. Select USB Device from the types of operation on the left side. When this type of operation is sele...

Page 94: ...ve without a Talon Ultimate. In order to mount and read an encrypted Destination drive in Windows without using a Talon Ultimate, Logicube recommends one of three third-party utilities called VeraCrypt, TrueCrypt, or FreeOTFE. Other utilities may work but are not supported or tested by Logicube. VeraCrypt can be downloaded from https://veracrypt.codeplex.com TrueCrypt can be downloaded from for decryption...

Page 95: ...ve was encrypted with the VCRYPT cipher mode. TrueCrypt: Use this software if the Destination drive was encrypted with the TC XTS cipher mode. FreeOTFE: Use this software if the Destination drive was encrypted with the CBC or ECB cipher mode. 7.3.2 Decrypting using VeraCrypt. Requirements: VeraCrypt installed. A drive encrypted by the Talon Ultimate using the VCRYPT cipher mode connected to the computer w...

Page 96: ...DRIVE ENCRYPTION DECRYPTION Logicube Talon Ultimate User s Manual 88 2 Click Select Device and choose the partition of the connected drive then click OK 3 Click Mount ...

Page 97: ... 4. Type the encryption password in the Password field. Click on the check box for Use PIM. 5. Once Use PIM is checked, a new field will appear. Type 100 in the Volume PIM field, then click OK. 6. The drive should now be mounted and assigned a drive letter. ...

Page 98: ...ows 7 3 3 Decrypting using TrueCrypt Requirements TrueCrypt properly installed A drive encrypted by the Talon Ultimate using the TC XTS cipher mode connected to the computer with TrueCrypt 1 Once the drive is connected to the computer open TrueCrypt and select Volumes from the menu system then click Select Device ...

Page 99: ...ate User s Manual 91 2 The Select a Partition or Device window will appear Select the partition of the drive Do not select the actual drive itself Click OK to continue 3 Verify the Volume shows the correct device and partition Click Mount to continue ...

Page 100: ...word used to encrypt the drive, then click OK to continue. TrueCrypt has a setting to mount the drive as read-only, which is a software write block. This setting can be found by clicking Mount Options. A hardware write block device may be used instead if needed. 5. TrueCrypt will mount the drive and assign it a drive letter. ...

Page 101: ...he EXT4 file system and Ext2Fsd is not installed the following messages may appear in Windows Make sure Ext2Fsd is installed if the Destination drive was formatted with the EXT4 file system 7 3 4 Decrypting using FreeOTFE Requirements FreeOTFE properly installed A drive encrypted by the Talon Ultimate using the CBC or ECB cipher mode connected to the computer with FreeOTFE ...

Page 102: ...n Linux volume, then Mount partition. 2. Select the encrypted disk to mount (in this example, it is Disk 5). Place a check mark on the Entire disk option. FreeOTFE cannot read the partition table on the drive since it is encrypted at this time. 3. In the Key tab, enter the Key password and make sure the Hash is set to RIPEMD-160. ...

Page 103: ...ization Vector (IV) generation method to match what was used in the IV Generation on the Talon Ultimate. In this example, plain64 was used. In the Sector zero location, choose Start of encrypted data. 5. In the File options tab, set the Offset to 1048576. Since the Talon Ultimate uses the EXT4 file system, the offset is at 2048 sectors, or 1048576 bytes. ...

Page 104: ...n. To do so, make sure the Mount readonly option is checked. Windows may not mount the drive if this option is checked. If this is the case, use a write protect device and uncheck the Mount readonly option. 6. Click the OK button. The following warning screen may appear. Click the Yes button to continue. 7. FreeOTFE will mount the drive and assign a drive letter. ...

Page 105: ...ppear in the FreeOTFE window 9 The Destination drive should now be accessible in Windows If the Destination drive was formatted with the EXT4 file system and Ext2Fsd is not installed the following messages may appear in Windows Make sure Ext2Fsd is installed if the Destination drive was formatted with the EXT4 file system ...

Page 106: ...er depending on Internet speeds and Internet traffic The most up to date instructions on updating the software can be found on the Talon Ultimate s support page 8 1 1 From Network Via the web 1 Connect the Talon Ultimate to a network with Internet access Set the proxy settings IP settings if necessary Attach a network cable to the back of the Talon Ultimate The Talon Ultimate is DHCP enabled by de...

Page 107: ...in any folder Do not connect the USB flash drive yet The Talon Ultimate will display a message when to connect the USB drive If the computer being used to extract the contents of the downloaded zip file has the software WinZip or other third party zip software please review Section 8 1 2 1 before proceeding 3 From the main screen tap the Software Updates icon 4 Select From USB Drive The Talon Ulti...

Page 108: ...ty zip software it is highly recommended to use the built in utility in Windows If the downloaded zip file is highlighted and WinZip is installed there will be an option to Open with WinZip A computer without WinZip installed will have an option to Open when the file is highlighted If WinZip is installed highlight the downloaded zip file then click the arrow pointing downward next to Open with Win...

Page 109: ... AVAILABE Tap the Update icon A message will appear FIRMWARE UPDATE COULD TAKE UP TO A FEW MINUTES TO COMPLETE PLEASE DO NOT INTERRUPT POWER DURING THIS TIME ON COMPLETION THE UNIT WILL AUTO RESTART AND CONFIRM THE UPDATE Tap the OK icon to start the firmware update process When the OK icon is tapped the screen may appear to do nothing Do not keep tapping the OK icon The firmware update will take ...

Page 110: ...hat can be accessed one of two ways i Telnet via a network connection ii SSH Secure Shell via a network connection BROWSER COMPATIBILITY Google Chrome and Mozilla Firefox are recommended Other browsers may not display the Graphical User Interface GUI properly 9 1 Web Interface Using a web browser go to the IP address or the name of the Talon Ultimate with its serial number Both IP address and seri...

Page 111: ...uctions and support for third-party clients, please contact the software manufacturer. 9.3 Installing the Telnet client in Windows Vista, 7, 8, 8.1, or 10: By default, the Telnet Client is not installed with Windows, but it can be installed by following the steps below. 1. Open Control Panel and select either Programs and Features or Programs. 2. Click Turn Windows features on or off. If a prompt for an administ...

Page 112: ...very similar to connecting via Telnet Since Windows does not have a built in SSH client a third party SSH client will need to be downloaded and installed to connect via SSH For instructions and support on how to use third party SSH clients please contact the SSH client s manufacturer 1 Connect the Talon Ultimate to the network by attaching a network cable CAT 6 type to the RJ45 connector in the ba...

Page 113: ... 9 5 1 Step by step instructions Static IP address 1 Connect the Talon Ultimate to a network with DHCP 2 Turn the Talon Ultimate on The Talon Ultimate should automatically assign itself an IP address that the Windows computer can see Go to the Statistics screen on the Talon Ultimate and take a look at the HostName and IPAddress 3 Using Telnet or SSH connect to the Talon Ultimate Instructions on ho...

Page 114: ...192 168 1 1 d lg then press the enter key f The Talon Ultimate should respond with the following Command DbNetworkConfig Successful g Now we need to save the configuration Type db save staticip db then press the enter key A Successful message should appear h Type db load staticip db to load the database configuration i Perform a full shut down on the Talon Ultimate Wait about 30 seconds then turn ...

Page 115: ...les configurations already set up connect to the Talon Ultimate s Command Line Interface CLI via Telnet or SSH see sections 10 3 1 and 10 3 2 for more information on connecting via Telnet or SSH 4 Once connected via CLI log in with the following credentials a Username it b Password it 5 From the main prompt type command then press the Enter key 6 Type config then press the Enter key 7 Type db list...

Page 116: ...worked printer for instructions on how to set up a local or networked printer 10 1 Printing from the Web Interface When the print icon is used on the web interface the browser s print dialog screen will appear This will allow printing to any configured printer on the computer as it is using the computer s web browser and Operating System to print 10 2 Configuring a local or networked printer The T...

Page 117: ... Talon Ultimate via CLI type command then press the enter key 5 Type config then press the enter key 6 Type printer search then press the enter key This will instruct the Talon Ultimate to search for all local and networked printers Here is an example of the search results class network make_model HP Color LaserJet 3600 uri socket 192 168 1 158 class network make_model HP LaserJet P4015 uri socket...

Page 118: ...ave printer db or you can use any name db you prefer then press the enter key A Successful message should appear 9 Type db load printer db to load the database configuration Each time the Talon Ultimate is turned on the local or networked printer should be available on the Talon Ultimate s touch screen ...

Page 119: ...provide basic instructions on how to make this utility work in our scenario For Ext2fsd support please visit their web site above 11 0 1 Step by step instructions Using Ext2fsd 1 Download and install Ext2fsd from the website above If Ext2fsd is already installed skip to step 2 After installing Ext2fsd reboot the computer 2 Connect the Destination drive to the computer The Talon Ultimate can be use...

Page 120: ...een shot of the full Volume Manager window 4 Double click the drive Alternatively the drive can be highlighted then from the menu system go to Tools then Ext2 Volume Management The following screen will appear Make sure that there is a check mark next to Automatically mount via Ext2Mgr Also make sure there is a drive letter assigned to the right of this option If not assign an available drive lett...

Page 121: ...ess it is absolutely certain that the mounted drive needs to be over written or erased whether partially or fully 5 The following confirmation screen will appear Click OK to continue 6 Close the Ext2fsd Volume Manager program Windows should now see the drive and assign it a drive letter with the volume name REPOSITORY ...

Page 122: ...drive A The number of bytes shown on the progress bar is not the actual size of the drive This is the actual data being processed When Verify is set to Yes the reported number will double in size Q Why is it when I image a drive the number of bytes shown is twice the size of my Source drive A The number of bytes shown on the progress bar is not the actual size of the drive This is the actual data ...

Page 123: ...es and can set their own password key for the encrypted drive. Users can decrypt a drive that was encrypted with Talon Ultimate by using the Talon Ultimate to decrypt, or by using VeraCrypt, TrueCrypt, or FreeOTFE. Q: Does the Talon Ultimate provide log files? A: Yes, each operation task produces a log file. The log file is viewable on the Talon Ultimate screen or remotely on a PC in an HTML format. The log ...

Page 124: ... 31 Imaging Mode 31 IP Settings Proxy settings 76 Language 74 Logs 25 63 Mirror Settings 37 network connection 102 Network Services Disabling 76 Network Settings 30 Overview 5 Passwords 80 Printing Log Files 108 Proxy Settings 77 Quick Start 14 Remote Operation 102 Remote operation CLI 103 Remote Operation Web Interface 102 RoHS Directive 2002 95 EC III S M A R T Self Monitoring Analysis and Repor...

Page 125: ... at 001 818 700 8488 7am 5pm PST M F excluding US legal holidays or by email to techsupport logicube com Software Attribution Ubuntu 12 04 LTS http www ubuntu com Linux Kernel 3 2 48 GPL v2 http www kernel org modified libcli 1 9 5 LGPL v2 1 https github com dparrish libcli modified monitorix 3 2 1 GPL v2 http www monitorix org modified ...
