SuperImager Desktop 8 NVMe 4 SAS/SATA digital forensic lab

How to Overcome the Backlog of Evidence Media in Your Digital Forensic Lab

June 19, 20254 min read

The backlog for processing evidence media in digital forensic labs is a persistent challenge due to the increasing volume of evidence and the growing size of storage devices. In order to overcome these challenges, labs examining multiple types of evidence in a case now have to consider:

  • The need for multi-ports, high-speed forensic imagers to image multiple evidence media simultaneously and independently.

  • Support for a wide range of media types, especially newer NVMe SSDs.

  • High network bandwidth (e.g., 10GbE) for rapid network transfer and central storage upload.

  • Due to limited ports and throughput, traditional forensic towers are inadequate for multi-evidence scenarios.

What to Look for in A High Volume Forensic Imaging Solution

When evaluating possible solutions, digital forensic labs should look for a system that will provide high-performance and multiple ports to conduct forensic imaging. Here are the most important things to consider:

  • Multi-Channel Imaging:

  • Multiple write-blocked input ports.

  • Each channel operates independently and concurrently.

  • Support simultaneous imaging to multiple destinations.

  • Media Compatibility:

  • SATA, SAS, USB 3.2, SD/MicroSD, and native NVMe (U.2, M.2, PCIe storage controllers).

  • Hot-swappable bays for quick turnaround.

  • High Throughput:

  • Support for sustained imaging speeds of above 30 GB/min per port.

  • Internal architecture based on PCIe Gen4

  • 10GbE or Higher Network Connectivity:

  • Upload images directly to network-attached storage (NAS/SAN).

  • Ideal for integration with centralized evidence repositories

  • Automation & Scheduling:

  • Pre-configured imaging workflows. (scripting)

  • Scheduled tasks and automated hash verification (MD5/SHA1/SHA256).

  • Remote Management (Optional):

  • Web GUI or API access for remote queue management and monitoring.

Here is one of the best solutions: The SuperImager® Plus 8 NVMe and 4 SAS/SATA digital forensic lab

The SuperImager Desktop 8 NVMe (PCIE 4.0) 4 SAS/SATA ports is a high-performance digital forensic imaging, cloning, and duplication system developed by MediaClone. It's part of their SuperImager product line, tailored for forensic labs that need massive forensic imaging from multiple and different storage devices quickly and securely.

Hardware Specifications

  • Processor: Intel-based, ultra 9 that is built for speed

  • RAM: 32GB DDR5 (can upgraded to 256GB)

  • Storage: 1TB Internal SSD for OS, application, and case management logs

  • Display: Supplied with 10” touchscreen monitor

  • Ports:

  • 8 NVMe U.2/M.2 native ports (PCIe 4.0l)

  • 4 SAS/SATA native ports

  • 3 Thunderbolt 4.0/5.0 ports for expansion

  • USB 3.2 Gen 2x2 ports for external drives

  • Network ports: 2.5GbE and 10GbE for remote capture, forensic image upload, or network capture

Software Features

  • SuperImager application (Linux-based open OS)

  • Accelerate Write-blocking for source drives

  • Supports multiple imaging formats: DD, E01, Ex01, AFF, etc.

  • Authentication with MD5, SHA-1, SHA-256, SHA-512 hashing (before/during/after)

  • Independent unlimited simultaneous imaging sessions with very little speed degradation (not queuing)

  • Keyword search on the fly

  • Keyword search before capture

  • Encryption on the fly with AES256 XTS

  • Open BitLocker (when passwords or key files are provided)

  • Supports for APFS Apple partitions

  • Virtual emulator of Suspect drive – to view and copy files

  • File system support: NTFS, exFAT, FAT32, HFS+, EXT, etc.

  • Supports for RAID (hardware and software)

  • Network traffic

Forensic Functions

  • Imaging Modes:

  • Bit-by-bit forensic imaging

  • Selective imaging (by file/folder) – Triage data collection, which is the future and great for simultaneous data extraction from cell phones (Logical extraction) and viewing the data on the screen

  • Supports for bad drives include bad sector handling and reverse imaging

  • Drive Wiping/Erasure:

  • Secure erase (NIST 800-88), DoD 5220.22-M, Sanitize, NVMe tools.

  • Drive Diagnostics & IT Cloning

  • Case management and audit trail logging

  • Remote capture from unopened laptops (MAC and Intel) over the network

Windows11 Functions:

The unit is configured with a dual open OS of Ubuntu and Win11, which brings the best of both worlds. Ubuntu is very efficient at data capture, and Win11 is used to complete the unit with any third-party applications, like Forensic analysis, Forensic Triage, Cellphone physical extraction, and more.

Combining capture and analysis in one unit is a great advantage since the data is already captured and ready for analysis. The hardware of this unit is very strong and can handle heavy analysis tasks like running the Nuix application.

Use Cases

  • Digital Forensic labs

  • Digital forensic investigations

  • Cyber incident response

  • Data recovery labs

Common Accessories

  • NVMe to M.2 adapters

  • USB to SAS/SATA adapters

  • USB3.2 Gen2x2 to NVMe adapters

  • Expansion bays or docking stations

For more information or to request a quote, visit www.media-clone.net

Back to Blog