Logical Imaging

Key features

• Smart include and exclude filters
• L01 format for target image file
• Compression of L01 image file
• Up to 3 parallel logical imaging sessions
• Pause and resume option for each imaging session
• Support for all popular device types and file systems

Sources

As a source for logical imaging, you can use:

• Physical drives, connected directly or via extension modules
  • SATA
  • USB
  • IDE
  • NVMe via M.2 extension module
  • SAS via SAS extension module
  • MacBook drives via Apple PCIe SSD or Thunderbolt extension modules
• Image files from a Source drive
  • RAW
  • E01
  • AFF4

Supported file systems

Insight’s Logical imaging module fully supports the following file systems:

• NTFS, APFS, XFS, ext4/3/2, exFAT, Btrfs, HFS/HFS+, FAT32, FAT16.

Targets

Insight Forensic provides versatile options for target file location:

• Local PC
• Remote network drive
• Storage drive, directly connected to the Insight hardware unit

Feature: Smart filters

Although you can manually select partitions, folders and files you want to image, Insight also offers powerful and flexible built-in filters:

• All or selected partitions
• Predefined file types:
  • documents
  • pictures
  • video
  • audio
  • emails
  • archives
  • databases
  • financial
  • security keys
  • virtual machines
• Predefined folder types:
  • User folders
  • OS folders
• Time spans: when files were accessed, created or modified
• File size: from 1 byte to infinity
• First bytes of file (file signatures)
• Hash: MD5, SHA1, SHA224, SHA256, SHA384, SHA512

Feature: Pause and resume

Pause any running logical imaging session when needed. After pause, Insight reliably saves all session settings and progress.

Seamlessly resume logical imaging from the exact point where you’ve stopped.

The Pause and resume feature could be helpful when you need to:

• Turn off your equipment and leave the lab for a night or
• Continue a logical imaging process at the different location