A New Standard in Digital Forensics

Extremely fast forensic imaging at over 30GB/min* Image and verify from 4 source drives to 5 destinations Write-blocked preview & triage of suspect drive contents Image to or from a network location Multi-task. Set Image, wipe, hash tasks to run concurrently Targeted Imaging feature allows you to create a logical image using pre-set, custom filters, file signature filters and/or keyword search to capture only specific files needed Supports PCIe SSDs (M.2 SATA/AHCI/NVME type) with optional adapters Without exception, the most technologically advanced forensic imaging solution available. Blazing fast performance, feature-packed, and designed to meet future technology advances, the Falcon sets a new standard of excellence in digital forensic imaging solutions.

FEATURES

­n The Falcon is blazing fast with imaging speeds of ­n Built-in support for SAS/SATA/USB3/FireWire n Write-blocked preview/triage hard drive contents. over 30GB/min* storage devices. Adapters are included with Use the Falcon as a write-blocker. The file browser ­n Image and verify to multiple image formats; Falcon to support 1.8”/2.5”/3.5”/1.8” ZIF IDE and feature provides write-blocked access to source or native copy, dd image, e01, ex01 and file-based microSATA drive interfaces. Optional adapters are destination drives connected to Falcon. View the copy. Compression available for E01/Ex01 available for eSATA, mSATA and compact flash drive’s partitions and contents and view text files, formats. Uses SHA1, SHA256, MD5 and dual-hash drives. An optional SCSI module provides support jpeg, PDF, XML, or HTML files. File types such as (MD5+SHA1) authentication. for 1 SCSI source and 1 destination drive. .doc and .xls can be viewed by connecting Falcon to a network, download and view on a PC. Users ­n 4 Source and 5 Destination ports. Write-blocked ­n PCIe Support. Support for M.2 PCIe and M.2 NVMe can also preview source or destination drives using source ports include 2 SAS/SATA, 1 USB 3.0, 1 type SSDs and mini-PCIe and PCIe express cards the USB connection from the Falcon to a computer, FireWire. Destination ports include 2 SAS/SATA, 2 is provided using an optional express card adapter or by using the SMB protocol. The iSCSI protocol USB 3.0 and 1 FireWire. One Gigabit Ethernet port combined with specific interface adapters. can be used to preview source drives. is available. USB source and destination can be ­n CD/DVD/Blu-ray Imaging. The Falcon can image converted to SATA using a USB to SATA converter. CD/DVD/Blu-ray media by using a USB optical ­n Web browser. Connect to a networked Falcon from your laptop/desktop using a web browser ­n Targeted Imaging feature shortens acquisition drive connected to the USB port on the Falcon. The to manage all operations remotely. Features time. Create a logical image by using pre-set Falcon supports multi-session CD/DVDs. automatic page scaling for iPad type devices. filters, custom filters, file signature filters, and/or ­n Image to or from a network location or an keyword search function to select and acquire only external storage device. Use the Falcon to image ­n Image from a desktop or laptop PC without the specific files you need. An MFT report can be to a network location using CIFS protocol and/ removing the hard drive. Create a forensic bootable generated that contains a potential deleted file list. or image from a network location using iSCSI. USB flash drive to image a source drive from a Format output to LX01, ZIP or directory tree. Users Users can use iSCSI as a source or destination drive. computer on the same network without booting can browse and view directly on the Falcon display, Image to an external storage device (such as a the computer’s native O/S. or manage and view on a networked Falcon from NAS) using the Gigabit Ethernet, USB3.0 or SAS/ ­n Image from a MAC™ system booted in “target your laptop/desktop using a web browser. SATA connection disk mode” using the write-blocked FireWire ­ port on Falcon. MACs with either FireWire or Thunderbolt ports can be connected to the Falcon, a Thunderbolt to FireWire adapter is required. ­ www.logicube.com

19755 Nordhoff Place, Chatsworth, CA 91311 U.S.A. Toll-free (in U.S. only): 888.494.8832 n Tel: 818.700.8488 n Fax: 818.700.8466 A New Standard in Digital Forensics

FEATURES cont’d

n Multi-task. Image from multiple source drives to ­n Network Push feature. Push evidence files from n Audit Trail/Log files provide detailed information multiple destination drives or wipe one destination connected destination drives or from a Falcon on each operation. Log files can be viewed on drive while imaging to another. Perform up to five repository to a network location. The Falcon Falcon or via a web browser, exported in XML, tasks concurrently. performs an MD5 or SHA hash during the push HTML or PDF format to a USB enclosure. Users ­n Parallel Imaging. Perform multiple imaging process, a log file is generated for each push can print the log files directly from their PC when tasks from the same source drive to multiple process. connected to Falcon via a web browser. destinations using different imaging formats. ­n Image restore feature. File to drive mode restores ­n Additional features include HPA/DCO capture, ­n Concurrent Image+Verify. The Falcon begins DD, E01, EX01 images created by the Falcon to drive “trim” feature manipulates the DCO and verification during the imaging process. Duration another drive HPA areas of destination drives, create password- of total image plus verification process time may ­n Task Macro. Set specific tasks to be performed protected user profiles and save configurations, be reduced by up to half. sequentially; first wipe the destination drive then drive “time-out” feature automatically puts drives in stand-by mode after a specified idle ­n Secure sensitive evidence data with whole drive hash the source drive then image the source time, “task completed” audible beep, blank AES 256 bit Encryption. Decrypt using the Falcon drive. All tasks within the Macro will be performed disk check, drive spanning, 7” color touch screen, or by using open source software programs such automatically. two USB 2.0 host ports for keyboard, mouse as VeraCrypt, FreeOTFE or TrueCrypt ­n Features an internal, removable storage drive that or printer connectivity, and an HDMI port to stores O/S and audit trail/logs. The drive is easily ­n Fast multi-pass wipe (DoD specifications) or use connect a projector or monitor. secure erase to wipe drives, wipe at speeds of up removed for secure/classified locations. to 27GB/min. *The Forensic Falcon™ achieves speeds of over 30GB/min using solid state “suspect” drives that contain a freshly installed Windows “X” OS and random data. Settings used are e01/ex01 image format, with compression and with verify “on”. The specification and condition of the suspect hard drives as well as the mode, image format and settings used during the imaging process may affect the achieved speeds.

IN THE BOX The following items are included with the Forensic Falcon:

­n 1 USB 3.0 device cable ­n 1.8” IDE to SATA adapter ­n 1 USB A female to micro B male converter coupler adapter ­n 1.8” microSATA adapter ­n 4 6-pin SATA power plugs ­n CD-ROM with Users’ Manual ­n 1.8” IDE ZIF to SATA adapter ­n 1 USB A female to USB mini-B 5 pin male adapter ­n Carrying case­ ­n 2.5”/3.5” IDE to SATA adapter

OPTIONS The following options are available for the Forensic Falcon:

­n SCSI Module provides 1 write-blocked source port and 1 ­n mSATA to SATA adapter ­n Flash Media Reader for compact flash cards, destination port. Built in support for 68-pin SCSI drives ­n USB 3.0 to SATA Adapter SD cards and other flash media ­n 50-pin to 68-pin or 80-pin to 68-pin SCSI adapters for use ­n USB 3.0 4-port hub ­n Hard-sided carrying case with SCSI Module ­n PCIe adapter kit includes adapters for M.2 PCIe, ­n eSATA to SATA cable converter M.2 NVMe, mSATA SSDs, PCie and mini-PCIe cards

SPECIFICATIONS

Power Power Operating Relative Net Dimensions Agency Requirements Consumption Temperature Humidity Weight Approvals

12 V DC, Grounded < 140W with drives 0 to 40°C 20% to 80% 2.4lbs/1.09k 8.5” W X 3” H X6.25” D RoHs compliant 11.5 AMP (32 to 104°F) 9lbs/4.3k with 21.6cm X 7.6cm X15.9cm FCC Part 15 Class A case & shipping box CE www.logicube.com

19755 Nordhoff Place, Chatsworth, CA 91311 U.S.A. Toll-free (in U.S. only): 888.494.8832 n Tel: 818.700.8488 n Fax: 818.700.8466