TYPES OF OPERATIONS
Logicube Falcon
®
-Neo User’s Manual 56
Net Traffic to File – Capture network traffic data using this imaging mode. Network
traffic that can be captured can include local network activity, internet activity, and VOIP
activity. The data is saved and stored to a *.pcanpg file format.
Drive to Drive – Performs a bit-for-bit copy of the Source producing an exact duplicate
of the Source drive.
File to Drive (Image Restore) – Restores DD, E01, EX01, and DMG images created by the
Falcon-NEO.
Details on the different screens found in the Imaging operation can be found in Chapter 4:
Imaging.
2. HASH/VERIFY – Perform a SHA-1, SHA-256, or MD5 hash of a drive or verify the file hash of a
case (image).
3. WIPE/FORMAT – This type of operation is used to erase, wipe, and/or format drives. There are
three main settings:
Secure Erase – Sends a command to the drive instructing it to perform a secure erase
based on the drive manufacturer’s specifications.
Wipe Patterns – Allows the user to set a specific pattern to use for wiping the drive. The
number of passes is customizable (up to 7 passes) along with the type of data written for
each pass. In addition, a 7-pass DoD wipe can be set.
Format – Formats the Destination using any of the following file systems (with or without
AES-256 encryption):
o EXT4
o NTFS
o EXFAT
o FAT32
4. PUSH – The network Push feature gives users the ability to push evidence files from destination
drives connected to the Falcon-NEO or from a Falcon-NEO repository to a network location. The
Push feature provides a more secure method than simply copying and pasting to the analysis
computer by performing an MD5 or SHA hash during the push process. Additionally, users can
select to verify the file transfer to ensure data integrity. Network users can then quickly preview
data or copy data to a local drive or to any other directory on the network. The Falcon-NEO will
create a log file for each push process.
5. TASK MACRO – Set up to nine (9) different tasks to perform sequentially (one after another).
For example, a macro can be set to perform these tasks in order: Wipe, image, hash, push, then
wipe again.
6. FILE BROWSER – Preview the contents of all connected Source or Destination drives on the
Falcon-NEO. The Falcon-NEO will show all viewable partitions and the contents of each partition.
7. LOGS – Display logs of each task that has been performed on the Falcon-NEO.
8. STATISTICS – This will display several tabs that include:
About – Displays information about the Falcon-NEO. Additionally, a QR code can be
found on this page. When the QR code is scanned on a device connected to the same
To Next Page
Loading...
Need help?
General
