EviTrack Forensic Applications

EviTrack Assure - Overview

EviTrack Assure is a low-cost digital forensic imaging application that guides a user through both the process and the options available when obtaining forensically sound copies of data held on accessible electronic media, such as hard drives, USB keys, flash drives, SD cards or other types of storage media, for subsequent analysis.

Developed so that:

  • Where circumstances allow or dictate:
    • Members of the public could obtain a forensic image of the media, removing the need for an expert to attend.
    • Obtaining sound images of data could effectively be undertaken by a non-expert and then forwarded to an analyst by post, reducing the number of on-site visits needed by analysts and saving time and money.
  • The application can be used by anyone.
  • Data acquired in ‘forensic mode’ complies with the principles of ACPO guidelines.

Currently, data can be acquired in one of two formats, ewf or dd. Both are de facto industry standards and can be imported and analysed by forensic software. Both create exact copies of entire devices, but in different ways, and depending on the particular circumstances one is likely to be more beneficial than the other.

There is also the choice of making ‘forensic’ or ‘intelligence’ copies of data. Again, depending on circumstances one will be more suited than the other.

Can I use Assure? Find out with CheckBoot

Not sure whether you can use Assure? Just download CheckBoot to see – it’s free.

If it works, it will not only let you know but it will also confirm the size(s) of all the drives. 

Example of Assure forensic imaging log
Logging - Extract

“Having provided testimony for cases in the UK as well as Europe, Asia, the USA and the Middle East where the principles of ACPO guidelines were used when presenting evidence, it would appear that these guidelines, in all but name, have become the de facto standards by which electronic evidence is accepted in these territories too.”

Designed with security & flexibility in mind

EviTrack Assure is currently available in two guises:

  • Solo – with built-in storage, and
  • PenDrive – without storage

Both have full disk encryption.

Solo encrypts the application area and the data storage areas separately, and every storage area created has its own unique key, meaning no two built-in case storage areas are encrypted with the same key.

What does this mean in simple English?

It means that should a drive containing acquired data go missing in transit or fall into the wrong hands, the data is secure. The worst thing that can happen is that the storage device is wiped and repurposed.

Assure options at a glance.

Works on host and target computers* running:

  • Windows
  • Linux
  • MacOS**

Operates in either:

  • Forensic or 
  • Intelligence mode

Files Created:

  • EWF (Expert Witness) or
  • DD (Data Dump)

Looking for advice

Who might use Assure? Find out more here.

Looking for specific advice regarding a possible event or scenario?

In confidence, send a contact number or email address to [email protected]

Alternatively, contact Computer Crime Consultants who have undertaken thousands of investigations and have a wealth of experience with most types of investigations and intelligence gathering exercises.

Computer Crime Consultants

EviTrack Assure does NOT currently work on mobile phones or other smart devices or where access to a target device’s BIOS or boot menu is not possible.

However, memory cards extracted from smart devices can be imaged.

Assure Solo imaging app

Notes:

*  Needs access to a system’s boot menu or BIOS.

** At present, whilst both versions of EviTrack are recognised by MacOS systems, inconsistencies exist with both connectivity and recognition in relation to Solo’s encrypted partitions.

In testing, when looking to acquire data from a MacBook, Assure PenDrive with a Thunderbolt drive for storage is the only combination which consistently works.
Without getting too technical, it has something to do with Apple’s implementation of API and is something we are looking into.

Interested in new releases, sign up here
