
How to Overcome the Backlog of Evidence Media in Your Digital Forensic Lab
The backlog for processing evidence media in digital forensic labs is a persistent challenge due to the increasing volume of evidence and the growing size of storage devices. In order to overcome these challenges, labs examining multiple types of evidence in a case now have to consider:
The need for multi-ports, high-speed forensic imagers to image multiple evidence media simultaneously and independently.
Support for a wide range of media types, especially newer NVMe SSDs.
High network bandwidth (e.g., 10GbE) for rapid network transfer and central storage upload.
Due to limited ports and throughput, traditional forensic towers are inadequate for multi-evidence scenarios.
What to Look for in A High Volume Forensic Imaging Solution
When evaluating possible solutions, digital forensic labs should look for a system that will provide high-performance and multiple ports to conduct forensic imaging. Here are the most important things to consider:
Multi-Channel Imaging:
Multiple write-blocked input ports.
Each channel operates independently and concurrently.
Support simultaneous imaging to multiple destinations.
Media Compatibility:
SATA, SAS, USB 3.2, SD/MicroSD, and native NVMe (U.2, M.2, PCIe storage controllers).
Hot-swappable bays for quick turnaround.
High Throughput:
Support for sustained imaging speeds of above 30 GB/min per port.
Internal architecture based on PCIe Gen4
10GbE or Higher Network Connectivity:
Upload images directly to network-attached storage (NAS/SAN).
Ideal for integration with centralized evidence repositories
Automation & Scheduling:
Pre-configured imaging workflows. (scripting)
Scheduled tasks and automated hash verification (MD5/SHA1/SHA256).
Remote Management (Optional):
Web GUI or API access for remote queue management and monitoring.
Here is one of the best solutions: The SuperImager® Plus 8 NVMe and 4 SAS/SATA digital forensic lab
The SuperImager Desktop 8 NVMe (PCIE 4.0) 4 SAS/SATA ports is a high-performance digital forensic imaging, cloning, and duplication system developed by MediaClone. It's part of their SuperImager product line, tailored for forensic labs that need massive forensic imaging from multiple and different storage devices quickly and securely.
Hardware Specifications
Processor: Intel-based, ultra 9 that is built for speed
RAM: 32GB DDR5 (can upgraded to 256GB)
Storage: 1TB Internal SSD for OS, application, and case management logs
Display: Supplied with 10” touchscreen monitor
Ports:
8 NVMe U.2/M.2 native ports (PCIe 4.0l)
4 SAS/SATA native ports
3 Thunderbolt 4.0/5.0 ports for expansion
USB 3.2 Gen 2x2 ports for external drives
Network ports: 2.5GbE and 10GbE for remote capture, forensic image upload, or network capture
Software Features
SuperImager application (Linux-based open OS)
Accelerate Write-blocking for source drives
Supports multiple imaging formats: DD, E01, Ex01, AFF, etc.
Authentication with MD5, SHA-1, SHA-256, SHA-512 hashing (before/during/after)
Independent unlimited simultaneous imaging sessions with very little speed degradation (not queuing)
Keyword search on the fly
Keyword search before capture
Encryption on the fly with AES256 XTS
Open BitLocker (when passwords or key files are provided)
Supports for APFS Apple partitions
Virtual emulator of Suspect drive – to view and copy files
File system support: NTFS, exFAT, FAT32, HFS+, EXT, etc.
Supports for RAID (hardware and software)
Network traffic
Forensic Functions
Imaging Modes:
Bit-by-bit forensic imaging
Selective imaging (by file/folder) – Triage data collection, which is the future and great for simultaneous data extraction from cell phones (Logical extraction) and viewing the data on the screen
Supports for bad drives include bad sector handling and reverse imaging
Drive Wiping/Erasure:
Secure erase (NIST 800-88), DoD 5220.22-M, Sanitize, NVMe tools.
Drive Diagnostics & IT Cloning
Case management and audit trail logging
Remote capture from unopened laptops (MAC and Intel) over the network
Windows11 Functions:
The unit is configured with a dual open OS of Ubuntu and Win11, which brings the best of both worlds. Ubuntu is very efficient at data capture, and Win11 is used to complete the unit with any third-party applications, like Forensic analysis, Forensic Triage, Cellphone physical extraction, and more.
Combining capture and analysis in one unit is a great advantage since the data is already captured and ready for analysis. The hardware of this unit is very strong and can handle heavy analysis tasks like running the Nuix application.
Use Cases
Digital Forensic labs
Digital forensic investigations
Cyber incident response
Data recovery labs
Common Accessories
NVMe to M.2 adapters
USB to SAS/SATA adapters
USB3.2 Gen2x2 to NVMe adapters
Expansion bays or docking stations
For more information or to request a quote, visit www.media-clone.net