EviTrack Assure - Overview
Evitrack Assure, a low cost digital forensic imaging application that simply guides a user through both the process and options available when looking to obtain forensically sound copies of data contained on accessible electronic media. Such as hard drives, USB keys, flash drives, SD cards or other types of storage media for subsequent analysis.
Developed so that:
- Where circumstances allow or dictate:
- Members of the public could obtain a forensic image of the media, removing the need for an expert to attend.
- Obtaining sound images of data could effectively be undertaken by a non-expert and then forwarded to an analyst by post.
Reducing the number of on-site visits needed by analysts, saving time and money.
- The application can be used by anyone.
- Data acquired in ‘forensic mode’ complies with the principles of ACPO guidelines.
- Any evidence recovered from an image acquired using Assure is capable of being used in a court of law or other tribunal.
- Click here for more information on ACPO guidelines.
Currently, data can be acquired using one of two formats, ewf or dd. Both are de facto industry standards and can be imported/analysed by forensic software. Both will create exact copies of entire devices, in different ways and depending on the particular circumstances one is likely to more beneficial than the other.
There is also the choice of making ‘forensic’ or ‘intelligence’ copies of data. Again, depending on circumstances one will be more suited than the other.
Can I use Assure - Find out with CheckBoot?
Not sure whether you can use Assure ? Just download CheckBoot to see – it’s free.
If it works, it will not only let you know but it will also confirm the size(s) of all the drives.
“Having provided testimony for cases in the UK as well as, Europe, Asia, the USA and the Middle East where the principles of ACPO guidelines were used when presenting evidence. It would appear that these guidelines in all but name have become the de facto standards by which electronic evidence is accepted in these territories too.”
Designed with security & flexibility in mind
EviTrack Assure is currently available in two guises:
- Solo – with built-in storage, and
- PenDrive – without storage
Both have full disk encryption.
Solo has separate areas of encryption for both the application and data storage areas. Where every storage area created has its own unique key. Meaning no two built-in case storage areas are encrypted with the same key.
What does this mean in simple English?
It means that should a drive containing acquired data go missing in transit or fall into the wrong hands, the data is secure. The worst thing that can happen is that the storage device is wiped and repurposed.
Assure options at a glance.
Works on host and target computers* running:
Operates in either:
- Forensic or
- Intelligence mode
- EWF (Expert Witness) or
- DD (Data Dump)
Looking for advice
Who might use Assure? Find out more here.
Looking for specific advice regarding a possible event or scenario?
In confidence, send a contact number or email address to firstname.lastname@example.org
Alternatively, contact Computer Crime Consultants who have undertaken thousands of investigations and have a wealth of experience with most types of investigations and intelligence gathering exercises.
EviTrack Assure does NOT currently work on mobile phones or other smart devices or where access to a target device’s BIOS or boot menu is not possible.
However, memory cards extracted from smart devices can be imaged.
* Needs access to a system’s boot menu or BIOS.
** At present, whilst both versions of EviTrack are recognised by MacOS systems, inconsistencies exist with both connectivity and recognition in relation to Solo’s encrypted partitions.
In testing, if looking to acquire data from a MacBook. A combination of Assure PenDrive using a Thunderbolt drive for storage is the only combination which consistently works.
Without getting to technical, it has something to do with Apple’s implementation of API and is something we a looking into.
Interested in new releases, sign up here
EviTrack assure forensic imaging application