Notifications
Clear all

Forensic Talon

5 Posts
4 Users
0 Likes
499 Views
(@pmurton)
Posts: 14
Active Member
Topic starter
 

I was at the UK Infosec exhibition last week, and was shown the Logicube Forensic Talon. It looks to be a nice piece of kit.

Historically, we've only imaged through Encase or FTK Imager. I can think of a number of circumstances where the Talon device would be useful.

Does anyone have any experience with one of these devices. It apparently has the ability to do keyword searches on the fly while acquiring.

One of the 'sales' type people said that the validity of images taken with the Talon had been tested in court. Can anyone confirm this?

Paul

 
Posted : 29/04/2008 7:33 pm
(@bithead)
Posts: 1206
Noble Member
 

We started with the Logicube SF-5000, upgraded those units to the newer MD-5 units and have been adding some Talons. They are very fast and easy to deploy. We also have a Solo-3 (from icsforensic) that is being compared to the Talon for the next round of purchases. All these units are significantly faster than capturing to a PC. The drawback is cost. If you have a large investment in write blockers it may be a tough sell. On the corporate side time is money so the justification is easier.

We have had some cases where we had to fall back on the MD-5 because the Talon would not capture. I believe that issue was fixed in a firmware upgrade as we have not had any recent issues.

Logicube used to have cases on their site, you may have to contact sales for examples. (There are plenty of testimonials)

 
Posted : 29/04/2008 8:07 pm
(@paull)
Posts: 6
Active Member
 

I would love to hear the end result of the comparison, as I'm deciding between the Hardcopy II (cheap and apparently fast), Talon, and Solo III.

The intriguing claim by Talon is the use of a card with search terms that will record the sectors containing the terms for later examination with no "noticeable" loss in speed. So there is a free lunch?

Anyways, I'd love hear more.

 
Posted : 12/07/2008 1:26 pm
(@bithead)
Posts: 1206
Noble Member
 

The HardCopy 2 on the face of things seems like an easy inexpensive choice for a hardware imager. However if you turn on MD5 hashing the 5.5GB/min. speed drops to around 2 GB/min. One other issue, the HC2 can only image to one target drive at a time. So if need to make one image for each side, you have to image the suspect drive twice, which is sometimes an issue with damaged drives.

The Talon and the older MD5 have the capabilities of key word searching while imaging. I have not done tests on actual speed, but if the list is relatively small there appears to be little reduction in speed. The Talon and MD5 can also be controlled by FTK. The Talon has a RAID option.

The Solo III can image to two target drives at one time which is very handy in black bag jobs or instances where a damaged suspect drive may be encountered.

As they say, the Jury is still out on Talon v. Solo III.

 
Posted : 12/07/2008 5:17 pm
(@kovar)
Posts: 805
Prominent Member
 

Greetings,

I use our Talon whenever possible. The HC II is a backup. The Talon's physical packaging and cable configuration is far superior to the HC II. The Talon's user interface is far superior as well. I simply feel a lot more confident about the process when using the Talon. But, you can buy two HC IIs for the cost of a single Talon….

There is a HC III out, or coming out soon. It'll write to two destination drives at the same time, a major win. I don't know if they've fixed the cabling issues or not.

-David

 
Posted : 14/07/2008 10:35 pm
Share: