advertisement
▼
Scroll to page 2
of 125
Talon® Ultimate User’s Manual Logicube, Inc. Chatsworth, CA 91311 USA Phone: 818 700 8488 Fax: 818 700 8466 Version: 1.1 Date: 05/09/16 MAN-TALON_ULTIMATE ® Logicube Talon Ultimate User’s Manual I Limitation of Liability and Warranty Information Logicube Disclaimer LOGICUBE IS NOT LIABLE FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO PROPERTY DAMAGE, LOSS OF TIME OR DATA FROM USE OF A LOGICUBE PRODUCT, OR ANY OTHER DAMAGES RESULTING FROM PRODUCT MALFUNCTION OR FAILURE OF (INCLUDING WITHOUT LIMITATION, THOSE RESULTING FROM: (1) RELIANCE ON THE MATERIALS PRESENTED, (2) COSTS OF REPLACEMENT GOODS, (3) LOSS OF USE, DATA OR PROFITS, (4) DELAYS OR BUSINESS INTERRUPTIONS, (5) AND ANY THEORY OF LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE (OR FROM DELAYS IN SERVICING OR INABILITY TO RENDER SERVICE ON ANY) LOGICUBE PRODUCT. LOGICUBE MAKES EVERY EFFORT TO ENSURE PROPER OPERATION OF ALL PRODUCTS. HOWEVER, THE CUSTOMER IS RESPONSIBLE TO VERIFY THAT THE OUTPUT OF LOGICUBE PRODUCT MEETS THE CUSTOMER’S QUALITY REQUIREMENT. THE CUSTOMER FURTHER ACKNOWLEDGES THAT IMPROPER OPERATION OF LOGICUBE PRODUCT AND/OR SOFTWARE, OR HARDWARE PROBLEMS, CAN CAUSE LOSS OF DATA, DEFECTIVE FORMATTING, OR DATA LOADING. LOGICUBE WILL MAKE EFFORTS TO SOLVE OR REPAIR ANY PROBLEMS IDENTIFIED BY CUSTOMER, EITHER UNDER WARRANTY OR ON A TIME AND MATERIALS BASIS. Warranty DISCLAIMER IMPORTANT - PLEASE READ THE TERMS OF THIS AGREEMENT CAREFULLY. BY INSTALLING OR USING LOGICUBE PRODUCTS, YOU AGREE TO BE BOUND BY THIS AGREEMENT. IN NO EVENT WILL LOGICUBE BE LIABLE (WHETHER UNDER THIS AGREEMENT, RESULTING FROM THE PERFORMANCE OR USE OF LOGICUBE PRODUCTS, OR OTHERWISE) FOR ANY AMOUNTS REPRESENTING LOSS OF PROFITS, LOSS OR INACCURACY OF DATA, LOSS OR DELAYS OF BUSINESS, LOSS OF TIME, COSTS OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES, OR TECHNOLOGY, PROPERTY DAMAGE, OR INDIRECT, CONSEQUENTIAL, OR PUNITIVE DAMAGES OF A PURCHASER OR USER OF LOGICUBE PRODUCTS OR ANY THIRD PARTY. LOGICUBE’S AGGREGATE LIABILITY IN CONTRACT, TORT, OR OTHERWISE (WHETHER UNDER THIS AGREEMENT, RESULTING FROM THE PERFORMANCE OR USE OF LOGICUBE PRODUCTS, OR OTHERWISE) TO A PURCHASER OR USER OF LOGICUBE PRODUCTS SHALL BE LIMITED TO THE AMOUNT PAID BY THE PURCHASER FOR THE LOGICUBE PRODUCT. THIS LIMITATION OF LIABILITY WILL BE EFFECTIVE EVEN IF LOGICUBE HAS BEEN ADVISED OF THE POSSIBILITY OF ANY SUCH DAMAGES. ® Logicube Talon Ultimate User’s Manual I LOGICUBE MAKES EVERY EFFORT TO ENSURE PROPER OPERATION OF ITS PRODUCTS. HOWEVER, THE PURCHASER IS RESPONSIBLE FOR VERIFYING THAT THE OUTPUT OF A LOGICUBE PRODUCT MEETS THE PURCHASER’S REQUIREMENTS. THE PURCHASER FURTHER ACKNOWLEDGES THAT IMPROPER OPERATION OF LOGICUBE PRODUCTS CAN CAUSE LOSS OF DATA, DEFECTIVE FORMATTING, OR DEFECTIVE DATA LOADING. LOGICUBE WILL MAKE EFFORTS TO SOLVE OR REPAIR ANY PROBLEMS IDENTIFIED BY PURCHASER, EITHER UNDER THE WARRANTY SET FORTH BELOW OR ON A TIME AND MATERIALS BASIS. LIMITED WARRANTY FOR ONE YEAR FROM THE DATE OF SALE (THE “WARRANTY PERIOD”) LOGICUBE WARRANTS THAT THE PRODUCT (EXCLUDING CABLES, ADAPTERS, AND OTHER “CONSUMABLE” ITEMS) IS FREE FROM MANUFACTURING DEFECTS IN MATERIAL AND WORKMANSHIP. THIS LIMITED WARRANTY COVERS DEFECTS ENCOUNTERED IN THE NORMAL USE OF THE PRODUCT DURING THE WARRANTY PERIOD AND DOES NOT APPLY TO: PRODUCTS DAMAGED DUE TO PHYSICAL ABUSE, MISHANDLING, ACCIDENT, NEGLIGENCE, OR FAILURE TO FOLLOW ALL OPERATING INSTRUCTIONS CONTAINED IN THE OPERATING MANUAL; PRODUCTS WHICH ARE MODIFIED; PRODUCTS WHICH ARE USED IN ANY MANNER OTHER THAN THE MANNER FOR WHICH THEY WERE INTENDED, AS SET FORTH IN THE OPERATING MANUAL; PRODUCTS WHICH ARE DAMAGED OR DEFECTS CAUSED BY THE USE OF UNAUTHORIZED PARTS OR BY UNAUTHORIZED SERVICE; PRODUCTS DAMAGED DUE TO UNSUITABLE OPERATING OR PHYSICAL CONDITIONS DIFFERING FROM THOSE RECOMMENDED IN THE OPERATING MANUAL OR PRODUCT SPECIFICATIONS PROVIDED BY LOGICUBE; ANY PRODUCT WHICH HAS HAD ANY OF ITS SERIAL NUMBERS ALTERED OR REMOVED; OR ANY PRODUCT DAMAGED DUE TO IMPROPER PACKAGING OF THE WARRANTY RETURN TO LOGICUBE. AT LOGICUBE’S OPTION, ANY PRODUCT PROVEN TO BE DEFECTIVE WITHIN THE WARRANTY PERIOD WILL EITHER BE REPAIRED OR REPLACED USING NEW OR REFURBISHED COMPONENTS AT NO COST. THIS WARRANTY IS THE SOLE AND EXCLUSIVE REMEDY FOR DEFECTIVE PRODUCTS. IF A PRODUCT IS HAS BECOME OBSOLETE OR IS NO LONGER SUPPORTED BY LOGICUBE THE PRODUCT MAY BE REPLACED WITH AN EQUIVALENT OR SUCCESSOR PRODUCT AT LOGICUBE’S DISCRETION. THIS WARRANTY EXTENDS ONLY TO THE END PURCHASER OF LOGICUBE PRODUCTS. THIS WARRANTY DOES NOT APPLY TO, AND IS NOT FOR THE BENEFIT OF, RESELLERS OR DISTRIBUTORS OF LOGICUBE PRODUCTS. UNLESS OTHERWISE AGREED IN WRITING BY LOGICUBE, NO WARRANTY IS PROVIDED TO RESELLERS OR DISTRIBUTORS OF LOGICUBE PRODUCTS. IN ORDER TO RECEIVE WARRANTY SERVICES CONTACT LOGICUBE’S TECHNICAL SUPPORT DEPARTMENT VIA PHONE OR E-MAIL. PRODUCTS RETURNED TO LOGICUBE FOR REPAIR UNDER WARRANTY MUST REFERENCE A LOGICUBE RETURN MATERIAL AUTHORIZATION NUMBER (“RMA”). ANY PRODUCT RECEIVED BY LOGICUBE WITHOUT AN RMA# WILL BE REFUSED AND RETURNED TO PURCHASER. THE PURCHASER MUST CONTACT LOGICUBE’S TECHNICAL SUPPORT DEPARTMENT VIA E-MAIL ([email protected]) OR VIA PHONE AT +1-818-700-8488 OPT. 3 TO OBTAIN A VALID RMA#. THE PURCHASER MAY BE REQUIRED TO PERFORM CERTAIN DIAGNOSTIC TESTS ON A PRODUCT PRIOR TO LOGICUBE ISSUING AN RMA#. THE PURCHASER MUST PROVIDE THE PRODUCT MODEL, SERIAL NUMBER, PURCHASER NAME AND ADDRESS, EMAIL ADDRESS AND A DESCRIPTION OF THE PROBLEM WITH AS MUCH DETAIL AS POSSIBLE. AT LOGICUBE’S SOLE AND ABSOLUTE DISCRETION, REASONABLE TELEPHONE AND EMAIL SUPPORT MAY ALSO BE AVAILABLE FOR THE LIFE OF THE PRODUCT AS DEFINED BY LOGICUBE. EXCEPT AS OTHERWISE SPECIFICALLY PROVIDED IN THIS AGREEMENT, LOGICUBE PRODUCTS ARE PROVIDED AS-IS AND AS-AVAILABLE, AND LOGICUBE DISCLAIMS ANY AND ALL OTHER WARRANTIES (WHETHER EXPRESS, IMPLIED, OR STATUTORY) INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT OF THIRD PARTY RIGHTS. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, OR LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION. ® Logicube Talon Ultimate User’s Manual II RoHS Certificate of Compliance LOGICUBE PRODUCTS COMPLY WITH THE EUROPEAN UNION RESTRICTION OF THE USE OF CERTAIN HAZARDOUS SUBSTANCES IN ELECTRONIC EQUIPMENT, ROHS DIRECTIVE (2002/95/EC). THE ROHS DIRECTIVE PROHIBITS THE SALE OF CERTAIN ELECTRONIC EQUIPMENT CONTAINING SOME HAZARDOUS SUBSTANCES SUCH AS MERCURY, LEAD, CADMIUM, HEXAVALENT CHROMIUM AND CERTAIN FLAME-RETARDANTS IN THE EUROPEAN UNION. THIS DIRECTIVE APPLIES TO ELECTRONIC PRODUCTS PLACED ON THE EU MARKET AFTER JULY 1, 2006. Logicube Technical Support Contact Information 1. 2. 3. By website: www.logicube.com By email: [email protected] By telephone: 1 - (818) 700 8488 ext. 3 between the hours of 7am – 5pm PST, Monday through Friday, excluding U.S. legal holidays. ® Logicube Talon Ultimate User’s Manual III Table of Contents TALON® ULTIMATE USER’S MANUAL ............................................................................. I LIMITATION OF LIABILITY AND WARRANTY INFORMATION ........................................... I LOGICUBE DISCLAIMER ........................................................................................................................ I WARRANTY ....................................................................................................................................... I ROHS CERTIFICATE OF COMPLIANCE .................................................................................................... III LOGICUBE TECHNICAL SUPPORT CONTACT INFORMATION........................................................................ III TABLE OF CONTENTS ..................................................................................................... I 1: INTRODUCTION ...................................................................................................... 1 1.0 1.1 1.2 1.3 1.4 INTRODUCTION TO THE LOGICUBE TALON ULTIMATE ........................................................................ 1 FEATURES ................................................................................................................................. 1 IN THE BOX ............................................................................................................................... 2 OPTIONS ................................................................................................................................... 3 SPECIFICATIONS.......................................................................................................................... 3 2: GETTING STARTED .................................................................................................. 5 2.0 OVERVIEW OF THE TALON ULTIMATE ............................................................................................. 5 2.1 TURNING THE TALON ULTIMATE ON AND OFF .................................................................................. 8 2.2 CONNECTING VARIOUS DRIVE TYPES............................................................................................... 8 2.2.1 Connecting Source Drives .............................................................................................. 8 2.2.2 Connecting Destination Drives..................................................................................... 10 2.2.3 Connecting USB 3.0 Drives ........................................................................................... 11 2.2.4 Using USB/FireWire/eSATA enclosures ....................................................................... 11 2.2.5 Connecting SATA Drives using a USB-to-SATA adapter ............................................... 11 2.3 THE USER INTERFACE ................................................................................................................. 12 2.4 TOUCH SCREEN ........................................................................................................................ 13 2.5 HDMI .................................................................................................................................... 13 3: QUICK START ........................................................................................................ 14 3.0 QUICK START GUIDE ................................................................................................................. 14 3.1 IMAGING................................................................................................................................. 14 3.1.1 Step-by-step instructions – Imaging ............................................................................ 15 3.1.1.1 Blank Disk Check ................................................................................................... 17 3.1.1.2 Drive Spanning ...................................................................................................... 18 3.2 HASH / VERIFY ......................................................................................................................... 19 3.2.1 Step-by-step instructions – Hash ................................................................................. 20 3.3 WIPE/FORMAT ........................................................................................................................ 21 3.3.1 Step-by-step instructions – Wipe/Format ................................................................... 22 ® Logicube Talon Ultimate User’s Manual I 3.4 USB DEVICE (VIEWING DRIVE CONTENTS IN WINDOWS) ................................................................. 24 3.4.1 Step-by-step instructions – USB Device ....................................................................... 24 3.5 LOGS ...................................................................................................................................... 25 3.5.1 Step-by-step instructions – Viewing or exporting logs ................................................ 26 3.5.2 Deleting log files........................................................................................................... 27 3.5.3 Accessing the logs over a network ............................................................................... 28 3.6 STATISTICS .............................................................................................................................. 29 3.7 SYSTEM SETTINGS..................................................................................................................... 29 3.8 NETWORK SETTINGS ................................................................................................................. 30 3.9 SOFTWARE UPDATES................................................................................................................. 30 3.10 POWER OFF .......................................................................................................................... 30 4: IMAGING .............................................................................................................. 31 4.0 IMAGING - INTRODUCTION ......................................................................................................... 31 4.0.1 Mode ............................................................................................................................ 31 4.0.2 Drives ........................................................................................................................... 32 4.0.3 Settings......................................................................................................................... 32 4.0.3.1 Case Info (Common Setting) ................................................................................. 33 4.0.3.2 HPA, DCO (Common Setting), and Drive Trim ...................................................... 34 4.0.3.3 Error Handling (Common Setting) ........................................................................ 35 4.0.3.4 Hash/Verification Method (Common Setting) ...................................................... 36 4.0.3.5 Special Settings ..................................................................................................... 37 4.0.3.5.1 Special Settings for Drive to Drive ............................................................................................. 37 4.0.3.5.2 Special Settings for Drive to File ................................................................................................ 40 4.0.4 Destination ................................................................................................................... 43 4.1 STARTING THE IMAGING OPERATION ........................................................................................... 44 6: TYPES OF OPERATIONS ......................................................................................... 46 5.0 TYPES OF OPERATIONS - INTRODUCTION ...................................................................................... 46 5.0.1 Imaging......................................................................................................................... 47 5.0.2 Hash / Verify ................................................................................................................ 48 5.0.2.1 Mode..................................................................................................................... 48 5.0.2.2 Drives .................................................................................................................... 49 5.0.2.2 Settings ................................................................................................................. 49 5.0.2.2.1 Drive Hash Settings ...................................................................................................................... 49 5.0.2.2.2 Case Verify ................................................................................................................................. 52 5.0.2.3 Case Info ............................................................................................................... 52 5.0.3 Wipe / Format .............................................................................................................. 53 5.0.3.1 Destination ........................................................................................................... 54 5.0.3.2 Settings ................................................................................................................. 54 5.0.3.2.1 Secure Erase ................................................................................................................................ 55 5.0.3.2.2 Wipe Patterns .............................................................................................................................. 56 5.0.3.2.3 Format ......................................................................................................................................... 59 5.0.3.3 Case Info ............................................................................................................... 61 5.0.4 USB Device ................................................................................................................... 62 5.0.5 Logs .............................................................................................................................. 63 5.0.6 Statistics ....................................................................................................................... 65 5.0.7 System Settings ............................................................................................................ 66 5.0.7.1 User Profiles/Configurations................................................................................. 67 ® Logicube Talon Ultimate User’s Manual II 5.0.7.2 Passwords ............................................................................................................. 69 5.0.7.2.1 Additional information for Config Lock ..................................................................................... 70 5.0.7.2.2 Forgotten password or config lock key ....................................................................................... 71 5.0.7.3 Encryption Settings ............................................................................................... 73 5.0.7.4 Language/Time Zone ............................................................................................ 74 5.0.7.4.1 Language ..................................................................................................................................... 74 5.0.7.4.2 Time Zone ................................................................................................................................... 74 5.0.7.5 Display .................................................................................................................. 75 5.0.8 Network Settings.......................................................................................................... 76 5.0.8.1 Services ................................................................................................................. 76 5.0.8.2 HTTP Proxy ............................................................................................................ 77 5.0.8.2.1 Server .......................................................................................................................................... 77 5.0.8.2.2 Username/Password .................................................................................................................... 78 5.0.9 Software Update .......................................................................................................... 78 5.0.10 Power Off ................................................................................................................... 78 6: SECURITY – CHANGING THE DEFAULT PASSWORDS................................................ 80 6.0 CHANGING THE DEFAULT PASSWORDS - INTRODUCTION .................................................................. 80 6.0.1 Changing the logicube password ................................................................................. 80 6.0.2 Changing the it password............................................................................................. 81 7: DRIVE ENCRYPTION AND DECRYPTION.................................................................. 82 7.0 DRIVE ENCRYPTION/DECRYPTION - INTRODUCTION ........................................................................ 82 7.1 ENCRYPTING A DESTINATION ...................................................................................................... 83 7.1.1 Step-by-step Instructions ............................................................................................. 83 7.1.2 Using previously encrypted Destination drives ........................................................... 84 7.2 DECRYPTING A TALON ULTIMATE ENCRYPTED DESTINATION DRIVE WITH A TALON ULTIMATE ................ 84 7.2.1 Step-by-step Instructions ............................................................................................. 85 7.3 DECRYPTING THE DRIVE WITHOUT A TALON ULTIMATE ................................................................... 86 7.3.1 Which decryption software to use? ............................................................................. 87 7.3.2 Decrypting using VeraCrypt ......................................................................................... 87 7.3.3 Decrypting using TrueCrypt ......................................................................................... 90 7.3.4 Decrypting using FreeOTFE .......................................................................................... 93 8: UPDATING THE TALON ULTIMATE SOFTWARE....................................................... 98 8.0 LOADING NEW SOFTWARE ......................................................................................................... 98 8.1 SOFTWARE LOADING INSTRUCTIONS ............................................................................................ 98 8.1.1 From Network – Via the web ....................................................................................... 98 8.1.2 From USB Drive – Via software download ................................................................... 99 8.1.2.1 Extracting the software download on a computer with WinZip (or other third party zip software) ........................................................................................................... 100 8.2 FIRMWARE LOADING INSTRUCTIONS .......................................................................................... 101 9: REMOTE OPERATION .......................................................................................... 102 9.0 REMOTE OPERATION - INTRODUCTION....................................................................................... 102 9.1 WEB INTERFACE ..................................................................................................................... 102 9.2 COMMAND LINE INTERFACE (CLI) ............................................................................................. 103 9.3 INSTALLING THE TELNET CLIENT IN WINDOWS VISTA, 7, 8, 8.1, OR 10 ............................................ 103 9.3.1 Connecting via Telnet ................................................................................................ 103 ® Logicube Talon Ultimate User’s Manual III 9.3.2 Connecting via SSH..................................................................................................... 104 9.4 ZERO CONFIGURATION NETWORKING (ZEROCONF) ...................................................................... 105 9.5 CONFIGURING THE TALON ULTIMATE WITH A STATIC IP ADDRESS ................................................... 105 9.5.1 Step-by-step instructions – Static IP address............................................................. 105 9.6 COPYING USER PROFILES/CONFIGURATIONS FROM ONE TALON ULTIMATE TO ANOTHER .................... 107 9.6.1 Step-by-step – Copying User Profiles/Configurations ............................................... 107 10: PRINTING LOG FILES ......................................................................................... 108 10.0 PRINTING LOG FILES - INTRODUCTION...................................................................................... 108 10.1 PRINTING FROM THE WEB INTERFACE ...................................................................................... 108 10.2 CONFIGURING A LOCAL OR NETWORKED PRINTER ....................................................................... 108 10.2.1 Step-by-step – Configuring a local or networked printer ........................................ 109 11: VIEWING EXT4 FORMATTED DESTINATION DRIVES IN WINDOWS ...................... 111 11.0 VIEWING EXT4 FORMATTED DESTINATION DRIVES - INTRODUCTION ............................................. 111 11.0.1 Step-by-step instructions – Using Ext2fsd ............................................................... 111 12: FREQUENTLY ASKED QUESTIONS ...................................................................... 114 12.0 FAQS ................................................................................................................................. 114 13: INDEX ............................................................................................................... 116 TECHNICAL SUPPORT INFORMATION ................................................................................................. 117 SOFTWARE ATTRIBUTION ................................................................................................................ 117 ® Logicube Talon Ultimate User’s Manual IV 1: Introduction 1.0 Introduction to the Logicube Talon Ultimate Designed for field or forensic lab use, the Talon® Ultimate delivers advanced, high-performance forensic imaging at a budget-friendly price. Featuring a compact footprint, user-friendly navigation and unbeatable imaging speed, the Talon Ultimate continues the proud legacy of previous generations of the Talon® forensic imaging solutions. Engineered specifically for digital forensic investigators, the Talon Ultimate meets all of your forensic imaging requirements. 1.1 Features The Talon® Ultimate is an extremely fast forensic imaging solution, achieving speeds of over 40GB/min*. Image and verify to multiple image formats; native copy, dd image, e01, ex01 and file-based copy. E01 features user-selectable compression levels. The Talon Ultimate provides SHA1, SHA256 or MD5 authentication and dual hash (MD5+SHA1). Source ports. Write-protected source ports include 1 SATA (SAS optional), 1 USB 3.0, 1 FireWire (optional). SAS and FireWire support is enabled via a software option, no additional modules required. USB ports can be used for SATA drives using an optional USB to SATA adapter to allow users to image from a total of 3 SATA source drives. 1 additional SATA /SAS-Ready source port can be activated with the purchase of the Multi-Task option. *The Talon Ultimate achieves speeds of over 40GB/min using solid state “suspect” drives that contain a freshly installed Windows “X” OS and random data. Settings used are e01/ex01 image format, with compression and with verify “on”. The specification and condition of the suspect hard drives as well as the mode, image format and settings used during the imaging process may affect the achieved speeds. ® Logicube Talon Ultimate User’s Manual 1 INTRODUCTION Destination ports include 2 SATA, 2 USB 3.0 and 1 FireWire (optional). FireWire support is enabled via a software option, no additional modules required. USB ports can be used for SATA drives using an optional USB to SATA adapter to allow users to image to a total of 3 SATA destination drives. Multi-Task Option. This option adds 1 additional SATA/SAS-ready source port and allows you to image from multiple source drives to multiple destinations simultaneously. This option also provides support to image one drive while hashing and/or wiping a second drive simultaneously. Option is activated with the purchase of a software enablement. Web-based user interface allows users to connect to the device from a web browser and manage all operations remotely. The browser features automatic page scaling for iPad type devices. Concurrent Image+Verify. Imaging and verifying concurrently takes advantage of destination hard drives that may be faster than the source hard drive. Duration of total image process time may be reduced by up to half. Built-in support for SATA/USB3 storage devices, including solid state drives. SAS and FireWire devices are supported with the purchase of an optional software enablement. 2.5”/3.5” IDE drives are supported with an adapter included with Talon Ultimate. 1.8” IDE, 1.8” ZIF, mSATA, microSATA, eSATA and flash drives are supported with optional adapters. Secure sensitive evidence data with whole drive AES 256 bit Encryption. Decryption can be performed using the Talon Ultimate or by using open source software programs such as VeraCrypt, TrueCrypt, or FreeOTFE. Users can Image from a Mac system booted in target disk mode. This feature requires the purchase of the FireWire software and port enablement option. Wipe drives to DoD specifications or use secure erase to wipe drives. Administrative feature allows users to save configuration settings and set user profiles. Features an internal, removable storage drive that stores O/S and audit trail/logs. The drive is easily removed for secure/classified locations. Preview/triage suspect drives connected to Talon- Ultimate on a PC with the USB3.0 device port enablement option. Additional features include HPA/DCO capture, drive spanning, audit trail/logs, color touchscreen display, on-screen keyboard, two USB 2.0 host ports for keyboard, mouse or printer connectivity, and a blank disk check feature. 1.2 In the Box The Talon Ultimate is shipped in a cardboard carrying case that includes a custom protective foam insert ready to drop into a standard Pelican hard case and includes: The Logicube Talon Ultimate unit AC adapter/Power supply and US power cord QTY: 3 – SAS/SATA cables QTY: 1 – 2.5”/3.5” IDE to SATA adapter ® Logicube Talon Ultimate User’s Manual 2 INTRODUCTION QTY: 1 – CAT6 Network cable QTY: 4 – 6-pin power plugs for use with external SATA and eSATA devices CD-ROM containing the user’s manual 1.3 Options The following options are available for the Talon Ultimate: Multi-Task Option SAS Source Option1 SAS Source Option2 FireWire Source/Destination Option USB 3.0 Device Port Option USB 3.0 4-port hub USB to SATA adapter – allows you to connect SATA drives to the USB 3.0 ports microSATA to SATA adapter 1.8” IDE to SATA, 1.8” ZIF adapters eSATA to SATA cable mSATA to SATA adapter Flash media reader 18” extended length SAS/SATA cable set Extended 1 year and 2 year warranties Soft-sided carrying bag Hard case (Pelican-type) 1.4 Specifications WARNINGS: Never connect a suspect drive to the Destination ports as data may be overwritten. Incorrectly connecting the suspect drive to the system can result in data on the suspect drive to be lost forever. Avoid dropping the Logicube device or subjecting it to sharp jolts. When in use, place it on a flat surface. Keep the unit dry. If the Logicube device needs to be cleaned, use a lightly damp, lint free cloth. Avoid using soap or other cleaning ® Logicube Talon Ultimate User’s Manual agents particularly those containing bleach, ammonia, alcohol or other harsh chemicals. 3 2: Getting Started 2.0 Overview of the Talon Ultimate Special Icons – Throughout this manual, there are two icons that can be seen. Please pay close attention when any of these two icons are found. These icons highlight additional information or important warnings on specific topics. ® Logicube Talon Ultimate User’s Manual 5 GETTING STARTED Logicube Talon Ultimate™ User’s Manual 6 GETTING STARTED Logicube Talon Ultimate™ User’s Manual 7 GETTING STARTED 2.1 Turning the Talon Ultimate on and off The Talon Ultimate comes with a 12V, 12.5A (output DC) power supply that connects to the back of the device. Attach the included power supply to the Talon Ultimate’s DC power port in the back. To turn the Talon Ultimate on, press and immediately release the power button located on the top right corner of the Talon Ultimate. The Talon Ultimate will turn on and start the boot process. It is normal for the fans to either turn off or slow down after the initial start-up sequence. There are two ways of turning the Talon Ultimate off: 1. Press and immediately release the power button on the top right corner of the Talon Ultimate. The Talon Ultimate will begin its shut down process and after a few seconds, the display and fans will turn off. 2. Using the Graphical User Interface (GUI) either on the touch screen or via a browser through a remote connection, navigate to the Power Off screen and tap or click the Power Off icon. 2.2 Connecting various drive types Cables and adapters are available for the following drive types: SAS (optional) SATA USB 2.5” and 3.5” PATA/IDE FireWire (optional) 1.8” microSATA(optional) 1.8” ZIF (optional) 1.8” PATA/IDE (optional) eSATA (optional) mSATA (optional) Flash Media (optional) 2.2.1 Connecting Source Drives Source drives (also called suspect drives) must be connected to the left side of the Talon Ultimate. These ports are write-protected and are labeled as follows: SAS S1 – SAS/SATA data port for the Source 1 (S1) position. Support for SAS drives require additional software activation. OPTIONAL: SAS S2 – SAS/SATA data port for the Source 2 (S2) position PWR 1 – Power port for SAS S1. Logicube Talon Ultimate™ User’s Manual 8 GETTING STARTED PWR 2 – Power port for SAS S2. SS S1 – USB 3.0 SuperSpeed Source port OPTIONAL: FW S1 – FireWire Source port The following Source ports require optional software activations for certain functions: SAS S1 – Supports SATA drives as standard. Support for SAS drives requires purchase of optional software activation. SAS S2 – Requires purchase of Multi-Task Option to activate this port. SATA support will be standard. SAS support requires purchase of SAS option. FW S1 –Requires purchase of FireWire ports activation software option. Talon Ultimate ports are hot swappable. Drives that are not being used in any task (image, hash, wipe, etc.) can be disconnected any time. Some drives are not hot swappable. Please check with the drive manufacturer to find out if the drive being used does not support hot swapping. Source drives do not have to be connected in any order. For example, a single SATA Source drive does not have to be connected to the SAS/SATA S1 port. It can be connected to the SAS/SATA S2 port without having anything connected to the S1 port. Never connect a suspect or Source drive to the Destination ports of the Talon Ultimate. Data may be overwritten if a drive is connected to a Destination port. Any combination of drives can be connected, up to 4 Source drives. For example, one SAS drive, one SATA drive, one USB drive, and one FireWire drive can all be connected at the same time. The Multi-Task Option is required to perform more than one task at a time. See information box above for additional options that may be required for use of the Source ports. Logicube Talon Ultimate™ User’s Manual 9 GETTING STARTED 2.2.2 Connecting Destination Drives Destination drives (also called evidence drives) must be connected to the right side of the Talon Ultimate. These ports are labeled as follows: SAS D1 – SAS/SATA data port for the Destination 1 (D1) position. SAS D2 – SAS/SATA data port for the Destination 2 (D2) position. PWR – power port for either Destination 1 (D1) or Destination 2 (D2) position. USB D1/2 – USB 3.0 Destination port FW D1 – FireWire Destination port The following Destination ports are affected by optional software activations: SAS S1, SAS S2 – Supports SATA drives. Requires the purchase of the SAS Source Option2 to activate support for SAS drives on both source and destination ports. FW D1 – Requires purchase of the FireWire Source/Destination option to activate this port. Destination drives do not have to be connected in order. For example, a single SATA Destination drive does not have to be connected to the SAS/SATA D1 port. It can be connected to the SAS/SATA D2 port without having anything connected to the D1 port. Any combination of drives can be connected, up to 4 Destination drives. For example, one SAS drive, one SATA drive, one USB drives, and one FireWire drive can all be connected at the same time, when all required options have been activated. The Multi-Task Option is required to perform more than one task at a time. See information box above for additional options that may be required for use of the Destination ports. Logicube Talon Ultimate™ User’s Manual 10 GETTING STARTED The Talon Ultimate ports are hot swappable. Drives that are not being used in any task (image, hash, wipe, etc.) can be disconnected any time. Some drives are not hot swappable. Please check with the drive manufacturer to find out if the drive being used does not support hot swapping. When disconnecting drives, it is very important to make sure the drives are not being used on any task. Disconnecting drives while the Talon Ultimate is using the drive for a task may cause data loss. 2.2.3 Connecting USB 3.0 Drives USB 3.0 is a new technology and USB 3.0 controller manufacturers may have variations in device designs that have inconsistent adherence to USB 3.0 specification. This may result in non-detection of the USB 3.0 device on certain equipment (including desktops, laptops or the Talon Ultimate). If a USB 3.0 device cannot be detected on the Talon Ultimate USB ports we have found that using a USB 3.0 hub may stabilize and regulate the communication between the USB 3.0 device and the Talon Ultimate, allowing the device to be detected properly. We have identified and qualified a USB 3.0 hub which is available as an option. For more information on the USB 3.0 hub, please see Section 12.5. 2.2.4 Using USB/FireWire/eSATA enclosures When using USB, FireWire, and/or eSATA enclosures, it is highly recommended to leave the drive inside the enclosure. USB enclosures typically have an onboard controller that may be necessary to read the drive properly. Taking the drive out of the enclosure could cause any device (including computers) not to read the drive contents properly. 2.2.5 Connecting SATA Drives using a USB-to-SATA adapter Logicube has qualified a USB 3.0 to SATA adapter for use with the Talon Ultimate. This adapter provides the capability to connect SATA drives to the USB 3.0 ports on the Talon Ultimate and uses a USB 3.0 to SATA converter. USB 3.0 is a new technology and USB 3.0 controller manufacturers may have variations in device designs that have inconsistent adherence to USB 3.0 specifications. This adapter and other USB 3.0 enclosures may experience communication disruption between devices. If the adapter is not detected properly we have found that using a USB 3.0 hub may stabilize and regulate the communication Logicube Talon Ultimate™ User’s Manual 11 GETTING STARTED between the Adapter or USB 3.0 enclosure, and the Talon Ultimate, allowing the device to be detected properly. We have identified and qualified a USB 3.0 hub which is available as an option. For more information on the USB 3.0 to SATA adapter, please see Section 12.4. For more information on the USB 3.0 hub, please see Section 12.5. 2.3 The user interface The user interface (UI) has been designed to quickly and easily input commands. It is simple and intuitive showing common icons such as tasks, modes of operation, and scroll icons on the screen. The UI is designed to be easily followed, going from left to right across the screen. A – Operations/Tasks currently running (displays up to 5 total tasks) B – Lock indicator/shortcut C – Operations/Tasks D – Add or delete tasks E – Types of Operations F – Up and down scroll arrows G – Operations options and settings H – Start icon Logicube Talon Ultimate™ User’s Manual 12 GETTING STARTED 2.4 Touch screen The Talon Ultimate features a 7” color LCD capacitive touch screen that allows the user to quickly input commands. The screen is bright and easy to read. 2.5 HDMI The Talon Ultimate has an HDMI port located in the back panel. Simply connect an HDMI cable from the Talon Ultimate to an external display that supports HDMI and Talon Ultimate will automatically show the display on both the Talon Ultimate and the external display. To change the display resolution on the external display: 1. Connect a wired USB keyboard to one of the front USB host ports. 2. Press ALT+R. An on-screen display should appear on the external display that allows the display resolution to be changed. Logicube Talon Ultimate™ User’s Manual 13 3: Quick Start 3.0 Quick Start Guide This chapter gives a basic overview and steps on how to perform different types of operations using the Talon Ultimate (Image, Hash, Wipe, etc.). Complete details on each operation, menu, or selection, and the different screens can be found in Chapter 4: Imaging and Chapter 5: Types of Operation. The Talon Ultimate can perform up to five (5) tasks per mode of operation (specifically Image, Hash, and/or Wipe). To perform more than one task at a time (Image, Hash, Wipe/Format), the MultiTask Option must be purchased and installed. It is highly recommended to change the passwords for built-in accounts. Instructions on how to change the passwords to the two built-in accounts can be found in Chapter 6. 3.1 Imaging This type of operation allows the imaging of a Source drive to one or more Destinations. There are two (2) different imaging modes and several settings to choose from. These selections should be performed in order from left to right. Drive to Drive – Performs a bit-for-bit copy of the Source producing an exact duplicate of the Source drive. This is also known as a native copy or mirror copy. Drive to File – Images the Source to any of the following image output file formats: DD, E01, or EX01. Compression is available for E01 and EX01 formats. To perform more than one task at a time (Image, Hash, Wipe/Format), the MultiTask Option must be purchased and installed. ® Logicube Talon Ultimate User’s Manual 14 QUICK START E01 and EX01 files created on the Destination may be smaller than the selected Segment Size if compression is used. For example, if 4GB segment size selected, some files may be less than 4GB. This occurs when there is a lot of blank space on the Source drive. Details on the different screens found in the Imaging operation can be found in Chapter 4: Imaging. Definition: Source/Destination/Repository – A Source, Destination, or Repository can be a drive (Hard Disk Drive, Solid State Drive, USB drive, etc.), Flash media (SD card, CF card, etc.), or network location. Talon Ultimate uses a concurrent Image+Verify process. When Verify is set, the Talon Ultimate images and verifies concurrently and takes advantage of destination hard drives that may be faster than the source hard drive. Duration of total image process time may be reduced by up to half. The Talon Ultimate imaging, hash, and wipe speeds are determined by several factors including the following: - The manufacturer specifications of the drive(s) being used - The age of the drive (manufactured date) - How often that drive has been used For example, a 2 TB drive with 64MB of cache produced by the manufacturer 2 years ago is most likely slower than a 2 TB drive that the same manufacturer just released this year, even though they are both 7200RPM with 64MB of cache, and are both SATA III. 3.1.1 Step-by-step instructions – Imaging Logicube Talon Ultimate™ User’s Manual 15 QUICK START Details on each selectable option on the Image screen can be found in Chapter 4.0 Imaging. 1. Select Imaging from the types of operation on the left side. 2. Tap the Mode icon and select Drive to Drive or Drive to File then tap the OK icon. 3. Tap the Source icon and choose the source from the list of connected drives then tap the OK icon. 4. Tap the Settings icon and adjust the settings as needed (Case Info, File Image Method Settings or Mirror Settings, HPA/DCO, Error Handling, Hash/Verification Method, etc.) then tap the OK icon. The Settings screen will be different for each of the two modes. Details on the different Settings screens can be found in Chapter 4: Imaging. Log file names can be set in Settings in the Case Info screen by entering a Case/File name. See Section 4.0.3.1 for more information. The Talon Ultimate will convert any non-POSIX portable characters used in Case/File Name field to underscores “_“ when creating the log or file names. POSIX portable characters are: Uppercase A to Z Period (.) Lowercase a to z Underscore (_) Numbers 0 to 9 Hyphen/Dash (-) 5. Tap the Destination icon and select the destination(s) to be used then tap the OK icon. For DD, E01, and Ex01, the Talon Ultimate uses the NT file system (NTFS) or EXT4 file systems to format drives. If the Destination drive is not formatted properly, the Location will appear as “(NOT_MOUNTED)” and a format icon will appear in the Format column. Tap the (Format) icon the Destination drive. For Drive to File, the Talon Ultimate will display drives connected to the Destination ports and any added repository. Encrypted drives will have the following symbol in the Format column: 6. Tap the Start icon to start the imaging task. Logicube Talon Ultimate™ User’s Manual 16 QUICK START 7. A progress bar will appear at the bottom of the screen showing the bytes processed, the rate (speed), elapsed time, and time remaining. 8. When finished, the status will show “COMPLETED”. At this point, it is recommended to tap Reset Task to reset the task, and also to delete the task in order for the drive bays to be properly reset and not show as being used or assigned for other tasks to be configured. The number of bytes shown on the progress bar is not the actual size of the drive. This is the actual data being processed. When ‘Verify’ is set to “Yes”, the reported number will double in size. 3.1.1.1 Blank Disk Check The Talon Enhanced has the ability to check a drive to see if it is blank or wiped. To perform a blank disk check: 1. Connect a drive to the Talon Ultimate. 2. Choose Imaging, Hash, or Wipe/Format. 3. Choose Source, Destination, or Drives to list the connected drives. 4. Tap the More Info icon to display more information about the drive. 5. Tap or click the down arrow located to the right of the screen to scroll down to the second page of information. 6. Locate the line that shows “Wiped”. This will either show True (drive is blank) or False. Logicube Talon Ultimate™ User’s Manual 17 QUICK START 3.1.1.2 Drive Spanning Talon Ultimate can automatically span to two (or more) Destination drives when using ‘Drive to File’ mode (DD, E01, EX01). When the task is started, and there may not be enough space on the Destination drive, the following prompt will appear warning that there might not be sufficient space on the Destination drive: When the Destination drive is full and the remaining data to be will not fit, Talon Ultimate will prompt for another drive. When the screen above appears, tap the OK icon and the Select Repository screen will appear. The Destination drive that is full can be disconnected, and replaced with another drive, or a Logicube Talon Ultimate™ User’s Manual 18 QUICK START different Destination drive port or repository can be selected. After selecting the next Destination/Repository to be used, tap the OK icon. If the next Destination drive selected requires formatting, the Talon Ultimate will show the (format) icon allowing the drive to be formatted. When the imaging operation is finished, all subsequent Destinations/Repositories used will contain the same Case/File name and the next DD, E01, or EX01 file. For example, if the last file on the first Destination used is *.E23, the next Destination/Repository used will start with file *.E24. 3.2 Hash / Verify A hash or verify operation can be performed to any drive connected to the Talon Ultimate. Performing a hash or verify task will instruct the Talon Ultimate to calculate the hash for the specified drive or validate the hash value for that drive. There are two modes available: DRIVE HASH – This mode will hash any connected drive on an active Source or Destination port. This mode is Logical Block Address (LBA) based and will hash drives based on the number of LBAs. If multiple drives are selected to be hashed, the Talon Ultimate will hash up to the LBA value of the smallest capacity drive. If drives with different capacities need to be hashed, it is recommended to start one task per drive. CASE VERIFY – This mode will hash cases created by the Talon Ultimate (DD, E01, Ex01) for verification purposes. There are two settings for this mode: o Primary – This will verify the primary hash of the image. o Both – This will verify both primary and second hash of the image. To perform more than one task at a time (Image, Hash, Wipe/Format), the MultiTask Option must be purchased and installed. Logicube Talon Ultimate™ User’s Manual 19 QUICK START 3.2.1 Step-by-step instructions – Hash 1. Select Hash from the types of operation on the left side. 2. Tap the Modes icon and select the desired mode (Drive Hash or Case Verify). 3. Tap the Drives icon and select the drive(s) to be hashed then tap the OK icon. 4. Tap the Settings icon to choose the different settings based on the Mode. Details for every setting can be found in Section 5.0.2. 5. Optional: Tap Case Info to set the Case/File Name, Case ID, Examiner, Evidence ID, or Case Notes. The Talon Ultimate will convert any non-POSIX portable characters used in Case/File Name field to underscores “_“ when creating the log or file names. POSIX portable characters are: Uppercase A to Z Lowercase a to z Numbers 0 to 9 Period (.) Underscore (_) Hyphen/Dash (-) 6. Tap the Start icon to start the hash task. 7. When finished, the status will show “COMPLETED”. At this point, it is recommended to tap Reset Task to reset the task, and also to delete the task in order for the drive bays to be properly reset and not show as being used or assigned for other tasks to be configured. Logicube Talon Ultimate™ User’s Manual 20 QUICK START 3.3 Wipe/Format Destination drives can be wiped and formatted using the Talon Ultimate. When a drive is wiped, there will be no file system on the Destination drive. The Destination drive must be formatted in order for it to have a valid file system so it can be used as a Destination drive when using the Drive to File modes of imaging. The following methods are available in the Wipe menu: Secure Erase – Sends a command to the drive instructing it to wipe the drive based on the hard drive manufacturer’s specifications for the Secure Erase command. If errors appear when performing Secure Erase, contact the drive manufacturer to check if the drive supports Secure Erase. Wipe Patterns – Allows the user to set a specific pattern to use for wiping the drive. The number of passes is customizable (up to 7 passes) along with the type of data written for each pass. In addition, a 7-pass DoD wipe can be set with pre-selected pass values. It is recommended to use the same capacity drive per task. When smaller capacity drives are wiped together with larger capacity drives, the smaller drives will finish first. However, the drive bays will not be available until the entire task is finished. Format – Instructs the Talon Ultimate to format a drive. The Talon Ultimate will format the drive using the EXT4 file system or NT file system (NTFS). For in-depth information regarding drive encryption, please see Chapter 7: Drive Encryption and Decryption. To perform more than one task at a time (Image, Hash, Wipe/Format), the Multi-Task Option must be purchased and installed. Logicube Talon Ultimate™ User’s Manual 21 QUICK START 3.3.1 Step-by-step instructions – Wipe/Format 1. Select Wipe from the types of operation on the left side. 2. Tap the Destination icon and select one or more drives then tap the OK icon. It is recommended to use the same capacity drive per task. When smaller capacity drives are wiped together with larger capacity drives, the smaller drives will finish first. However, the drive bays will not be available until the entire task is finished. 3. Tap the Settings icon and choose the type of wipe to be performed (Secure Erase and/or Wipe Patterns). If Wipe Patterns is selected, choose the type of Wipe Pattern to perform (DoD or Custom). 4. If the drive has an HPA or DCO area that needs to be wiped, tap the HPA/DCO icon and select Yes to wipe the HPA/DCO area of the drive. 5. Tap the Passes icon to edit the number of passes and what gets written on each pass. If Custom was selected, at least one pass must be edited and chosen. If DoD was selected, a 7th pass value must be edited/entered. 6. If the drive needs to be formatted, tap the Settings icon to change the Format settings then tap the OK icon. Logicube Talon Ultimate™ User’s Manual 22 QUICK START FORMAT – Select ON or OFF to format the drive. FILE SYSTEM – Select whether the Talon Ultimate will format the drive with the EXT4 or NT File System (NTFS). ENCRYPTION – Select whether to encrypt the drive (ON) or not (OFF). For more information on encrypted Destination drives, please see Chapter 7: Drive Encryption and Decryption. The Talon Ultimate encrypts drives using AES 256 encryption regardless of what cipher mode is used. If TC-XTS is used, Talon Ultimate uses a TrueCrypt friendly format and does not use TrueCrypt to encrypt the drive. The encryption key is not stored on the Destination drive. 7. Optional: Tap Case Info to set the Case/File Name, Case ID, Examiner, Evidence ID, or Case Notes. The Talon Ultimate will convert any non-POSIX portable characters used in Case/File Name field to underscores “_“ when creating the log or file names. POSIX portable characters are: Uppercase A to Z Lowercase a to z Numbers 0 to 9 Period (.) Underscore (_) Hyphen/Dash (-) 8. Tap the Start icon to start the wipe task. The Talon Ultimate will perform a Secure Erase first (if selected), then a Wipe Pattern (if selected), then finally a Format (if selected). 9. When finished, the status will show “COMPLETED”. At this point, it is recommended to tap Reset Task to reset the task, and also to delete the task in order for the drive bays to be properly reset and not show as being used or assigned for other tasks to be configured. Logicube Talon Ultimate™ User’s Manual 23 QUICK START 3.4 USB Device (Viewing drive contents from a computer) With the USB 3.0 Device Port Option, connecting the Talon Ultimate to a computer via USB allows the user to view any drive connected to the Talon Ultimate. In this mode, all drives connected to the Talon Ultimate are writeprotected. Files can then be copied (or dragged and dropped) from the Destination drive to the any of the computer’s connected drives. This mode of operation is only available with the activation of the optional USB 3.0 Device Port Option which enables the front micro-B USB 3 port. Talon Ultimate formats the drives using the EXT4 file system or NT file system (NTFS). EXT4 is not natively supported by Windows. There are several utilities that allow viewing of the EXT4 file system in Windows. Logicube has tested and recommends Ext2Fsd (http://www.ext2fsd.com/) which is a utility driver that allows EXT partitions to be viewable in Windows. For detailed instructions on Ext2Fsd, please see Chapter 11. NTFS is natively supported by Windows. 3.4.1 Step-by-step instructions – USB Device 1. Select USB Device from the types of operation on the left side. 2. A list of drives connected to the Talon Ultimate will appear. Select a drive then tap the Engage icon. 3. Connect a USB 3.0 cable (A to micro-B) between a computer and the Talon Ultimate. Connect the A connector side of the cable to an available USB port on the computer, and connect the micro-B connector side of the cable to the front micro-B port of the Talon Ultimate. 4. Windows will automatically detect the drive, install the drive’s drivers (if necessary), and should assign it a drive letter. If Windows does not Logicube Talon Ultimate™ User’s Manual 24 QUICK START assign a drive letter, see Section 5.0.4 for advanced settings and troubleshooting. 5. The new drive letter will contain the contents of the selected drive and is write-protected. 6. When finished, tap the Disengage icon on the Talon Ultimate. The USB cable can then be disconnected from the Talon Ultimate and the computer. Windows may look like changes can be made to the drive. However, no changes are actually made. For example, if a file is written/copied to the drive, or a file is deleted from the drive, Windows may show that the file was written/copied or deleted from the drive. However, if the drive is disconnected, then reconnected, Windows will show the original files showing no changes were actually made. 3.5 Logs The Talon Ultimate keeps logs of all imaging, hash, and wipe (or format) operations. Logs can be viewed directly on the Talon Ultimate or from a computer’s browser (if the Talon Ultimate is connected to a network). In addition to viewing, the logs can be exported to an external USB location such as a USB flash drive. Logs are exported in PDF, HTML and XML format. When using Drive to File mode (DD, E01, or EX01), log files are also stored in the Destination drive in the same folder as the image files. The log files in the Destination drive are available in PDF, HTML, and XML formats. The log files may contain a “partial hash”. This hash is for Talon Ultimate’s internal purposes only and cannot be validated by any other means. The partial hash is a snapshot of the hash engine at the end of each segment file which the Talon Ultimate can use to catch transfer errors and re-try if needed. Logicube Talon Ultimate™ User’s Manual 25 QUICK START Sample Log File (viewed on-screen): 3.5.1 Step-by-step instructions – Viewing or exporting logs 1. Select Logs from the types of operation on the left side. A list of log files will appear sorted by date (newest on top). 2. Select the log file to view by tapping the name of the log file. This will highlight the log file chosen. 3. Tap the View icon to view the log file on-screen. The log files can also be exported to a USB drive. To export the log files: a. Connect a USB drive (USB flash drive or USB external drive) to one of the two USB ports located on the front of the Talon Ultimate. Logicube Talon Ultimate™ User’s Manual 26 QUICK START The USB drive must be formatted with the FAT, FAT32, NTFS, or EXT4 file system. b. Tap the Export icon to export the log file via USB. The log will be exported/copied to the attached USB drive and will be in HTML, PDF, and XML formats. Repeat steps 2 through 4 if other log files need to be exported or viewed. To print the log files, it is recommended to use the web interface as described in Chapter 9: Remote Operation and click the print icon on the upper-right corner of the screen. The browser’s print menu will appear and the log can be printed to an available printer on configured on the computer. 3.5.2 Deleting log files Log files can be deleted one at a time or all at once. To delete a single log file, tap the log file to highlight the log file to be deleted. Tap the Delete icon to delete the selected log file. To delete all the log files, tap the Delete All icon. A log file deletion password can be set to add a layer of security when deleting log files. If a password was set, log files cannot be deleted without entering the correct password. If a log file deletion password was not created, a confirmation screen will appear confirming to delete the single log file or all log files. If a log file deletion password was created, a screen will appear prompting to enter the log file deletion password. Enter the log file Logicube Talon Ultimate™ User’s Manual 27 QUICK START deletion password. Tap the OK icon to delete the single log file or all the log files (depending on which was selected). The password can be set in the Systems Settings. More information about the log file deletion password can be found in Section 5.0.7.2. 3.5.3 Accessing the logs over a network The log files can also be accessed through a network on a computer if the Talon Ultimate is connected on the same network. 1. Open Windows Explorer or a similar window and browse to the hostname or the IP address found in the Statistics screen. See Section 5.0.6 for more information on the Statistics screen. 2. A Windows security screen will appear prompting to enter a User name and Password to connect to the Talon Ultimate. Login with the following credentials: User name: it Password it 3. Once connected, an auditlog folder will appear. Open the auditlog folder. Logicube Talon Ultimate™ User’s Manual 28 QUICK START 4. The auditlog folder contains the HTML, PDF, and XML files for each of the log files. There will be two folders (html and pdf) that contain either the HTML or PDF versions of the log files. The XML files can be used with any XML viewer which allows for some customization on how the information can be viewed. 3.6 Statistics This will display four tabs: About, Adv. Drive Statistics, Options, and Network Interface Stats. About – This screen will show information about the Talon Ultimate including the current software installed. Adv. Drive Statistics – Displays S.M.A.R.T. information taken directly from what the drive is reporting. Options – Displays which optional software is available and what is installed. Network Interface Stats – Displays the Network Interface statistics (Receive and Transfer bytes, packets, drops, and errors, and the link status). For more information on the Statistics screen, see Section 5.0.7 of this manual. 3.7 System Settings The System Settings screen allows users to configure five different settings for the Talon Ultimate: User Profiles/Configurations Passwords Encryption Settings Logicube Talon Ultimate™ User’s Manual 29 QUICK START Language/Time Zone Display For more information on Talon Ultimate’s system settings, see Section 6.0.7 of this manual. 3.8 Network Settings There are three tabs in the Network settings screen: Services – The network settings screen allows certain network services to be enabled or disabled. Interfaces – Displays the network interface information (MAC Address, Configuration type (DHCP or Static), MTU, and the status. HTTP Proxy – In order for the Talon Ultimate to be able to update software from a network (over the internet), proxy settings may need to be set. Networks that have a proxy server for internet access will require proxy settings for devices like the Talon Ultimate to connect to the Internet. This typically includes a server (or IP address), a host port, a username and password. For detailed information on the Network Settings screen, see Section 5.0.8 of this manual. 3.9 Software Updates New and improved software will be released from time to time. There are two ways to update the software on the Talon Ultimate: From the web via a network connection or from a USB drive. For more information on see Chapter 8: Software Loading Instructions. 3.10 Power Off There are two tabs in the Power Off screen: POWER OFF – The Talon Ultimate can be remotely turned off or restarted by going to this tab. Additionally, the Talon Ultimate screen can be refreshed. DRIVE POWER – Inactive drives connected to the Talon Ultimate can be set to go to standby mode in this tab. The default is set to 0 minutes (OFF). For more detailed screen shots, see Section 5.0.10 of this manual. Logicube Talon Ultimate™ User’s Manual 30 4: IMAGING 4.0 Imaging - Introduction This type of operation allows the imaging of a Source drive to a Destination. There are two different imaging modes and several settings to choose from. These selections should be performed in order from left to right. There are four selections when performing an image: Mode Drives Settings Destination 4.0.1 Mode Tap this icon to choose between the following three imaging modes: Drive to Drive – Performs a bit-for-bit copy of the Source producing an exact duplicate of the Source drive. ® Logicube Talon Ultimate User’s Manual 31 IMAGING Drive to File – Images the Source to any of the following image output file formats: DD, E01, or EX01. Compression is available for E01 and EX01 modes. 4.0.2 Drives Tap this icon to select the Source drive to be imaged. Talon Ultimate will list all the drives connected to the Source position(s). The (More Info) icon displays more information on the drive. The drive details window will appear showing information about the drive. 4.0.3 Settings Tap the Settings icon to change the image settings. Depending on what Mode was selected (Drive to Drive or Drive to File), Logicube Talon Ultimate™ User’s Manual 32 IMAGING different screens will appear. COMMON SETTINGS – The following settings are found on all three modes: Case Info HPA/DCO Error Handling / Error Granularity Hash/Verification Method SHA-1+MD5 hash is only available when using Drive to File mode. SHA-256 hash is only available when using Drive to Drive mode. 4.0.3.1 Case Info (Common Setting) Case Info allows users to enter information about the case. This is optional and is not required to start an imaging operation. Information entered here will appear in the logs. In addition, some forensic analysis software can import the information when the image files are opened. Tap any of the boxes and an on-screen keyboard will appear allowing information to be entered. After entering the information, tap the OK icon to go back to the previous screen. Logicube Talon Ultimate™ User’s Manual 33 IMAGING Log names and file names can be customized by entering a Case/File Name. For example, if a DD or E01 image is performed, and the Case/File Name is set to TestCase, the log name and file name will be called TestCase. Subsequent Case/File Names that are the same will be identified with a dash, then the next image number, for example, TestCase-1, TestCase-2, etc. The Talon Ultimate will convert any non-POSIX portable characters used in Case/File Name field to underscores “_“ when creating the log or file names. POSIX portable characters are: Uppercase A to Z Lowercase a to z Numbers 0 to 9 Period (.) Underscore (_) Hyphen/Dash (-) 4.0.3.2 HPA, DCO (Common Setting), and Drive Trim Some computer manufacturers will use a utility that creates an HPA or DCO configuration on a hard drive. These are designed to change drive characteristics such as drive capacity, speed and other settings as they are reported to the computer’s BIOS. The HPA/DCO setting allows the user to set whether a drive’s HPA or DCO is to be unlocked and imaged. Select YES to unlock and image a Host Protected Area (HPA) or Device Configuration Overlay (DCO). Logicube Talon Ultimate™ User’s Manual 34 IMAGING HPA – Host Protected Area can limit the size of a hard drive, but it can also change many other settings such as speed and S.M.A.R.T. status. DCO – Device Configuration Overlay limits the size of a drive only. For example, a 160GB drive can be made to look like a 100GB drive to a computer. Drive Trim is a special setting when the mode is set to Drive to Drive. For more information on Drive Trim, please see section 6.0.3.5.1 Special Settings for Drive to Drive. 4.0.3.3 Error Handling (Common Setting) When bad sectors are encountered on the Source drive, Talon Ultimate can either skip the bad sectors or abort the imaging operation. This allows flexibility on what to do when bad sectors are found on the Source drive. When bad sectors are encountered, and error handling is set to Skip, Talon Ultimate will write a zero on the corresponding sector or position in the Destination drive or file. Talon Ultimate also has a setting for error granularity. There are 3 options: 1 sector (512 Bytes) 4096 Bytes (8 sectors) 64 KIB (128 sectors) Logicube Talon Ultimate™ User’s Manual 35 IMAGING When a bad sector on the source drive is found, by default, it will skip that sector. Changing the granularity allows more sectors to be skipped. A cluster size represents the smallest amount of disk space that can be used to hold a file. The most common cluster size for an NTFS volume, for example, is 4KB (4096 Bytes). This means that the smallest amount of space that will be used for a file is 4096 Bytes. As an example, if 4096 Bytes is chosen, and one of the 8 sectors in that cluster size contains a bad sector, the Talon Ultimate will skip the entire cluster (or 4096 bytes or 8 sectors). 4.0.3.4 Hash/Verification Method (Common Setting) This setting allows the user to set a hash and/or a verification method. Hash Method – Will hash the Source drive with the selected method. There are different hash algorithms available depending on which Imaging mode is selected: None – No hash of the Source will be performed. SHA-1 – Uses the SHA-1 algorithm to hash the Source. SHA-256 – Only available when using the Drive to Drive Imaging mode. Uses the SHA-256 algorithm to hash the Source. MD5 – Uses the MD5 algorithm to hash the Source. SHA-1+MD5 – Only available when using the Drive to File Imaging mode. Uses both SHA-1 and MD5 algorithms to hash the Source. Logicube Talon Ultimate™ User’s Manual 36 IMAGING Verification Method – Select YES to hash the Destination and verify the calculated value with the Source hash value. 4.0.3.5 Special Settings The Settings screen changes depending on which of the two Modes (Drive to Drive or Drive to File) is selected. Each of the modes has their own different Settings screen. 4.0.3.5.1 Special Settings for Drive to Drive When Drive to Drive mode is selected, Mirror Settings will appear on the top-right of the Settings screen: DRIVE TRIM – This user selectable function allows the Talon Ultimate to manipulate the Device Configuration Overlay (DCO) and Host Protected Area (HPA) of the destination drive using the Device Configuration Set command for DCO and Set Max Address command for HPA so that the Destination drive’s total native capacity matches the Source drive. For example, if the Source drive is a 120GB drive and the Destination drive is a 500GB drive, the Talon Ultimate will limit the Destination drive’s capacity to 120GB to match the Source drive exactly. Logicube Talon Ultimate™ User’s Manual 37 IMAGING SAMPLE SOURCE DRIVE: SAMPLE DESTINATION DRIVE PRIOR TO DRIVE TRIM: SAMPLE DESTINATION DRIVE AFTER DRIVE TRIM: Drive Trim is only available in Drive to Drive mode and by default is set to NO. Drive Trim only works with ATA drives and will not work with USB external drives (or drives connected via USB), SAS or SCSI drives Restoring a trimmed drive – To restore a trimmed drive to its original capacity, perform a custom wipe (single pass) and set the WIPE DCO and WIPE HPA settings to YES. Logicube Talon Ultimate™ User’s Manual 38 IMAGING RESTORING A TRIMMED DRIVE: Select the drive to restore IN THE WIPE SETTINGS: - Set Secure Erase to OFF - Set Wipe Patterns to: Mode: Custom HPA/DCO: YES (TRUE) LBAS: Edit to 1 LBA PASSES: Edit the number of passes to any value for 1 pass To set the LBA to 1, go to LBAS then tap the edit icon and enter the value: 1 Start the wipe task. The task should finish quickly as it is resetting just wiping the HPA/DCO and 1 LBA. Logicube Talon Ultimate™ User’s Manual 39 IMAGING Mirror Settings: - - - Length – Set the percentage or number of blocks to clone. For forensic purposes, this is typically set to 100% of the Source. Master Start – Set the percentage or number of blocks from the start of the Source (Master). For forensic purposes, this is typically set to 0%, or the beginning of the Source (Master). Target Start – Set the percentage or number of blocks from the start of the Destination (Target). For forensic purposes, this is typically set to 0%, or the beginning of the Destination (Target). Alternatively, the specific number of blocks can be set for each of the options by tapping the: (edit) icon. 4.0.3.5.2 Special Settings for Drive to File When Drive to File mode is selected, File Image Method Settings will appear on the top-right of the Settings screen: Logicube Talon Ultimate™ User’s Manual 40 IMAGING Tap File Image Method Settings and the following screen will appear with DD: The following screen will appear with E01 EX01: One of three different images methods can be selected: DD – Uncompressed raw image files readable by many forensic programs. E01 – Compressed or uncompressed EnCase legacy evidence file format. EX01 – Compressed or uncompressed EnCase evidence file format. SEGMENT SIZE – Available for DD, E01, and EX01. Allows the user to set the output segment size (file size). Choose from 2 GB, 4 GB, 8 GB, or 16 GB. A Whole Disk option is available for DD only. Logicube Talon Ultimate™ User’s Manual 41 IMAGING E01 and EX01 Segment Size options: DD Segment Size Options: COMPRESSION – Available for E01 and EX01 only. Sets the compression level for E01 or EX01 imaging. When selecting Compression, the following screen will appear. Use the slider bar to adjust the desired compression level. The higher the compression level, the longer it will take to image the Source drive. The Default compression setting is recommended when compression is used. Logicube Talon Ultimate™ User’s Manual 42 IMAGING 4.0.4 Destination Tap the Destination icon to select the Destination drive. Talon Ultimate will list all the drives connected to the Destination position(s). When Drive to Drive mode is selected, the Destination screen will show all drives connected to the Destination positions. When Drive to File mode is selected, the Destination screen will show all drives connected to the Destination positions and will show how many image files are found on each drive, the free space, and the formatted file system. For DD, E01, Ex01, and File to File mode, the Talon Ultimate uses the EXT4 file system or NT file system (NTFS) to format drives. If the Destination drive is not formatted properly, the Location will appear as “(NOT_MOUNTED)” and a format icon will appear in the Format column. Tap the (Format) icon the Destination drive. Logicube Talon Ultimate™ User’s Manual 43 IMAGING For Drive to File or File to File, the Talon Ultimate will display drives connected to the Destination ports and any added repository. Encrypted drives will have the following symbol in the Format column: When formatting the drive from this screen, a prompt will appear to format the drive. Select which file system to use (EXT4 or NTFS) and whether to format with encryption (ON) or without encryption (OFF). Details on encryption can be found in Chapter 8 of the Talon Ultimate User’s Manual. For details on formatting a drive, see Section 5.0.3.2.3. Formatting the drive may take up to two minutes. Tap the OK icon to continue. For in-depth information regarding drive encryption, please see Chapter 8: Drive Encryption and Decryption 4.1 Starting the Imaging Operation Once all the settings and options have been selected or set, tap the (Start) icon to begin the imaging. A confirmation screen will appear. Tap the Yes icon to continue. A progress bar will appear at the bottom of the screen showing the bytes processed, the rate (speed), elapsed time, and time remaining. Logicube Talon Ultimate™ User’s Manual 44 IMAGING When finished, the status will change to COMPLETED. At this point, it is recommended to tap Reset Task to reset the task, and also to delete the task in order for the drive bays to be properly reset and not show as being used or assigned for other tasks to be configured. The number of bytes shown on the progress bar is not the actual size of the drive. This is the actual data being processed. When ‘Verify’ is set to “Yes”, the reported number will double in size. Talon Ultimate can automatically span to two (or more) Destination drives when using Drive to File mode (DD, E01, EX01). When the Destination drive is full and the remaining data to be imaged will not fit, Talon Ultimate will prompt for another drive. Information on Drive Spanning can be found in Section 3.1.1.2. Logicube Talon Ultimate™ User’s Manual 45 6: Types of Operations 5.0 Types of Operations - Introduction There are ten (10) types of operation available on the Talon Ultimate. The left side of the screen shows the different operation types that can be set. Detailed information on all of the different operations and their screens can be found in this section. 1. IMAGING – Performs an image from a Source to a Destination. There are two modes available: a. Drive to Drive – Performs a bit-for-bit copy of the Source producing an exact duplicate of the Source drive. b. Drive to File – Images the Source to any of the following image output formats: DD, E01, EX01, or File. Compression is available for E01 and EX01 formats. Details on the different screens found in the Imaging operation can be found in Chapter 4: Imaging. 2. HASH/VERIFY – Perform a SHA1, SHA-256, or MD5 hash of a drive or verifies a case’s (image) file hash. 3. WIPE – This type of operation is used to erase, wipe, and/or format drives. There are three main settings: Secure Erase – Sends a command to the drive instructing it to perform a secure erase based on the drive manufacturer’s specifications. ® Logicube Talon Ultimate User’s Manual 46 DEFAULT PASSWORDS Wipe Patterns – Allows the user to set a specific pattern to use for wiping the drive. The number of passes is customizable (up to 7 passes) along with the type of data written for each pass. In addition, a 7-pass DoD wipe can be set. Format – Formats the Destination using the EXT4 file system or NT file system (NTFS) either with or without AES-256 encryption. 4. USB DEVICE – Allows the user to view the contents of any drive connected to the Talon Ultimate from a computer connected via USB. When using this type of operation, all drives connected to the Talon Ultimate are write-protected. Requires the USB Device Port option to activate. 5. LOGS – Display logs of each task that has been performed on the Talon Ultimate. 6. STATISTICS – This will display four tabs that include:” About – Displays information about the Talon Ultimate Advanced Drive Statistics – Shows raw S.M.A.R.T. data on any drive connected to the Talon Ultimate. Options – Shows available options and which ones are installed. Network Interface Stats – Shows information on the Network Interface/ 7. SYSTEM SETTINGS – This mode allows changes to the system settings on the Talon Ultimate which include the following: User profiles/configurations – Allows the user to create, save, apply, or delete user profiles/configurations. Passwords – Allows the user to set a password to lock the Talon Ultimate from any configuration changes. Encryption Settings – Sets the cipher mode (VCRPYT, TC-XTS, CBC, or ECB), Cipher, IV Generation, and the encryption password. Language/Time Zone – Sets the language on the Talon Ultimate’s menu and change the system’s Time Zone. Display – Sets the Talon Ultimate’s display/screen brightness and enable/disable Stealth Mode 8. NETWORK SETTINGS – Allows certain services to be enabled or disabled. Also shows the network interface status and allows the user to set proxy settings (if required by their network). 9. SOFTWARE UPDATES – Perform software updates on the Talon Ultimate. Software can be updated over an internet connection (from network) or from a USB flash drive. 10. POWER OFF – Allows the user to turn the Talon Ultimate unit off or restart it by using the Graphical User Interface (GUI). Also allows a drive timeout to be set, powering down drives when not in use. 5.0.1 Imaging This type of operation allows the imaging of a Source to a Destination. There are two different imaging modes and several settings to choose from. These selections should be performed in order from left to right. Logicube Talon Ultimate™ User’s Manual 47 DEFAULT PASSWORDS In-depth details on the different screens found in the Imaging operation can be found in Chapter 4: Imaging. 5.0.2 Hash / Verify This type of operation allows the hashing of any connected drive using one of the following algorithms: SHA-1, SHA-256, MD5, and SHA-1+MD5. Case (Image) files created by the Talon Ultimate can also be verified. There are four selections when performing a Hash or Verify: Mode, Drives, Settings, and Case Info. 5.0.2.1 Mode Tap this icon to choose the mode. Drive Hash will hash a drive (based on Logical Block Logicube Talon Ultimate™ User’s Manual 48 DEFAULT PASSWORDS Addresses (LBA) or Sectors). Case Verify will verify the hash of a case (image) file. 5.0.2.2 Drives Tap this icon to choose the drive to be hashed or the drive that contains the case (image) files to be verified. When Drive Hash mode is selected, all connected drives will be shown. When Verify mode is selected, only Destination drives with cases (images) created by the Talon Enhanced will be shown. 5.0.2.2 Settings Tap this icon to choose a drive to adjust the hash or verify settings. 5.0.2.2.1 Drive Hash Settings If Drive Hash mode was chosen, the Hash Settings screen will appear: Tap this icon to set the hash method (SHA-1, SHA-256, or MD5) and to set the expected hash value (if desired). Setting the expected hash value Logicube Talon Ultimate™ User’s Manual 49 DEFAULT PASSWORDS instructs the Talon Ultimate to hash the drive then verify the hash with the expected value set. Each hash task is Logical Block Address (LBA) based and will hash drives based on the number of LBAs. If multiple drives are selected to be hashed, the Talon Ultimate will hash up to the LBA value of the smallest capacity drive. If drives with different capacities need to be hashed, it is recommended to start one task per drive. Select one of the following hash methods: SHA-1 – Select this to hash or verify the Target drives using the SHA-1 algorithm. SHA-256 – Select this to hash or verify the Target drives using the SHA-256 algorithm. MD5 – Select this to verify the Target drives using the MD5 algorithm. The recommended method is SHA-1 or SHA-256. By default, this value will have 0s (zeros). If this is not changed, or no value is entered, this will instruct the Talon Ultimate to hash the drive using the selected algorithm in the previous step. If a value is entered, the Talon Ultimate will hash the selected drive and verify hash with the value entered/edited. Logicube Talon Ultimate™ User’s Manual 50 DEFAULT PASSWORDS To set the expected value, tap the (edit) icon. The on screen keyboard will appear and the expected hash value can be set. The LBA icon will bring up the LBA settings screen. On this screen the user can adjust the percentage or the number of blocks of the drive to hash and also where to start the hash. By default the length is set to 100% (whole drive) and the starting percentage is set to 0% (start of the drive). When the Talon Ultimate finishes hashing the drive, the following screen will appear showing the task completed. Tap the (Info) icon on the left of the completed screen to see both the expected Logicube Talon Ultimate™ User’s Manual 51 DEFAULT PASSWORDS hash value and the computed hash value. 5.0.2.2.2 Case Verify If Drive Hash mode was chosen, the Hash Settings screen will appear: Tap this icon to set which hash to verify (Primary or Both). 5.0.2.3 Case Info The Case Info setting allows users to enter some information about the case. This is optional and is not required to start a Hash or Verfiy operation. Information entered here will appear in the logs. More information on the Case Info screen can be found in Section 4.0.3.1. Logicube Talon Ultimate™ User’s Manual 52 DEFAULT PASSWORDS Tap any of the boxes and an on-screen keyboard will appear allowing information to be entered. After entering the information, tap the OK icon to go back to the previous screen. The Talon Ultimate will convert any non-POSIX portable characters used in Case/File Name field to underscores “_“ when creating the log or file names. POSIX portable characters are: Uppercase A to Z Lowercase a to z Numbers 0 to 9 Period (.) Underscore (_) Hyphen/Dash (-) 5.0.3 Wipe / Format This type of operation allows the user to erase, wipe, and/or format one or more Destination drives. There are three main settings: Secure Erase, Wipe Mode, and Format. Secure Erase – Sends a command to the drive instructing it to perform a secure erase based on the drive manufacturer’s specifications for the secure erase command. Wipe Patterns – Allows the user to set a specific pattern to use for wiping the drive. The number of passes is customizable (up to 7 passes) along with the type of data written for each pass. In addition, a 7-pass DoD wipe can be set with pre-selected pass values. Format – Formats the Destination drive with an EXT4 file system or NT file system (NTFS) with or without encryption. Logicube Talon Ultimate™ User’s Manual 53 DEFAULT PASSWORDS More information on encryption can be found in Chapter 8. There are three selections when performing a wipe: Destination, Settings, and Case Info. 5.0.3.1 Destination Tap this icon to choose a drive to erase, wipe, and/or format. A screen will appear, allowing the selection of one or more destinations. Tap the drive(s) to be erased, wiped, and/or formatted then tap OK. 5.0.3.2 Settings Tap this icon to choose a drive to set the wipe settings. The Wipe Settings screen will appear. There are three sections in the Settings screen: Secure Erase, Wipe Patterns, and Format. Logicube Talon Ultimate™ User’s Manual 54 DEFAULT PASSWORDS The Talon Ultimate will perform each of the settings sequentially. For example, if Secure Erase is set to ON, a Wipe Pattern mode is specified, and Format is set to On, the Talon Ultimate will first secure erase the drive, then wipe the drive according to the mode specified, then format the drive. 5.0.3.2.1 Secure Erase Choose ON to Secure Erase the selected Destination drive(s). Most drives support this function. Secure Erase will send a command to the drive instructing it to reset itself to the specifications the drive manufacturer has set. For SAS (Serial Attached SCSI) drives, Secure Erase sends a ‘Format’ command. For SATA (Serial-ATA) drives, Secure Erase sends a ‘Security Erase Unit’ command. For SATA drives that support ‘Enhanced Security Erase Unit’ commands, the enhanced command will be sent. For questions on how each drive supports these features, or what the drive will do with these commands, please contact the drive manufacturer. Logicube Talon Ultimate™ User’s Manual 55 DEFAULT PASSWORDS If errors appear when performing Secure Erase, contact the drive manufacturer to check if the drive supports Secure Erase. For Secure Erase specifications (what happens when the drive receives the Secure Erase command), contact the drive manufacturer. 5.0.3.2.2 Wipe Patterns This setting allows the user to set a specific wipe pattern or patterns to use for wiping the drive. The number of passes is customizable (up to 7 passes) along with the type of data written for each pass. In addition, a 7-pass DoD wipe can be set with pre-selected pass values. There are 4 selections when setting a wipe pattern: Mode, HPA/DCO, LBAS, PASSES. It is recommended to use the same capacity drive per task. When smaller capacity drives are wiped together with larger capacity drives, the smaller drives will finish first. However, the drive bays will not be available until the entire task is finished. Selecting this will open the Wipe Mode screen showing 3 options: Logicube Talon Ultimate™ User’s Manual 56 DEFAULT PASSWORDS NONE – Choosing this will instruct the Talon Ultimate not to perform a wipe using Wipe Mode. DOD – Choosing this will instruct the Talon Ultimate to perform a 7-pass wipe conforming to the DoD M-5220 standards. CUSTOM – Choosing this will allow the user to specify how many wipe passes will be performed and what values each pass will be written on each of the passes selected. This will open the HPA/DCO option for wiping. If the drive to be wiped has HPA and/or DCO that needs to be wiped, select Yes for the corresponding option. By default, this is set to 100% which will wipe all Logical Block Addresses (LBAs) and will wipe the entire drive (100%). This Wipe Setting will change depending on the Wipe Pattern Mode selected. If None was selected, this is not selectable. If DoD was selected, the first six pass values will be filled automatically by default. It is mandatory that the user enter the 7th pass value by tapping the (edit) icon or the operation will fail. If Custom was selected, no passes will be filled out. It is mandatory that the Logicube Talon Ultimate™ User’s Manual 57 DEFAULT PASSWORDS user set the value for at least one pass or the wipe operation will fail. The pass value can be set by tapping the (edit) icon. Passes screen when DOD is selected: The Talon Ultimate automatically enters default values for pass numbers 1 through 6. It is mandatory that the user enters a value for the 7th pass or the Talon Ultimate will not proceed with the wipe operation. Values can be changed or added by tapping the (edit) icon. Passes screen when Custom is selected: Logicube Talon Ultimate™ User’s Manual 58 DEFAULT PASSWORDS There is no default value entered for any passes. It is mandatory that the user select a value for at least the first pass or the Talon Ultimate will not proceed with the wipe operation. Values can be changed or added by tapping the (edit) icon. Editing one or more of the passes in DOD or CUSTOM mode will bring up this screen: SKIP – Instructs the Talon Ultimate to skip the pass. RANDOM – Instructs the Talon Ultimate to perform one random value on all Logical Block Addresses (LBAs) / sectors. RANDOM BUFFER – Instructs the Talon Ultimate to create a buffer of several random patterns on all LBAs/sectors. VALUE – Instructs the Talon Ultimate to use the specified hex value to be written for the pass. The values can range anywhere from 00 to FF. 5.0.3.2.3 Format Formats the Destination using the EXT4 file system or NT file system (NTFS) either with or without encryption. To format the drive (with or without encryption) tap the Settings icon. Logicube Talon Ultimate™ User’s Manual 59 DEFAULT PASSWORDS The Talon Ultimate will check the Destination drive for formatting prior to being used as a Destination or Repository for Imaging using Drive to File. If the drive has not been formatted by the Talon Ultimate, the Destination drive must be formatted using the Talon Ultimate prior to being used as a Destination for Imaging using Drive to File. Tap this icon to set the Talon Ultimate to format the drive (with or without encryption). Three settings are available: Format – When set to ON, the Talon Ultimate will format the Destination drive with or without encryption. The drive will be formatted with the EXT4 file system or NT file system (NTFS), depending on which file system is chosen. When set to OFF, the Talon Ultimate will not format or encrypt the selected drive. File System – Select EXT4 to format the Destination using the EXT4 file system. Select NTFS to format using the NT file system (NTFS). Encryption – Select ON to format the drive with encryption. The drive will be formatted with the EXT4 file system or NT file system (NTFS). Logicube Talon Ultimate™ User’s Manual 60 DEFAULT PASSWORDS For more information on encrypted Destination drives, please see Chapter 7: Drive Encryption and Decryption. 5.0.3.3 Case Info The Case Info setting allows users to enter some information about the case. This is optional and is not required to start a Wipe operation. Information entered here will appear in the logs. More information on the Case Info screen can be found in Section 4.0.3.1. Tap any of the boxes and an on-screen keyboard will appear allowing information to be entered. After entering the information, tap the OK icon to go back to the previous screen. The Talon Ultimate will convert any non-POSIX portable characters used in Case/File Name field to underscores “_“ when creating the log or file names. POSIX portable characters are: Uppercase A to Z Logicube Talon Ultimate™ User’s Manual Period (.) 61 DEFAULT PASSWORDS Lowercase a to z Numbers 0 to 9 Underscore (_) Hyphen/Dash (-) 5.0.4 USB Device Connecting the Talon Ultimate to a computer via USB will allow the user to view any drive connected to the Talon Ultimate. In this mode, all drives connected to the Talon Ultimate are write-protected. This mode of operation is only available with the activation of the optional USB 3.0 Device Port Option which enables the front micro-B USB 3 port. When this type of operation is selected, the following screen will appear: Choose the drive to view then tap the ENGAGE icon. The ‘DRIVE STATUS’ for the selected drive will change to “ENGAGED” and the ENGAGE icon will change to DISENGAGE. At this point, connect a USB cable between the computer and the Talon Ultimate. Logicube Talon Ultimate™ User’s Manual 62 DEFAULT PASSWORDS Connect a USB cable (A Male to B Male USB cable, one was included with the Talon Ultimate) between the computer and the Talon Ultimate. Connect the USB B connector to the Talon Ultimate’s USB Device Port located on the back panel of the Talon Ultimate. Connect the USB A connector to an available USB port on the computer. After a few moments, Windows should assign a drive letter to the selected drive. The contents of the drive should now be accessible in Windows. When finished, tap the DISENGAGE icon to disengage the USB mode. The USB cable can now be disconnected from the computer and the Talon Ultimate. Only one drive can be engaged at a time. If the drive is not mounting properly, go to the Settings tab and change each setting one at a time, then disengage and re-engage the drive. 5.0.5 Logs The Talon Ultimate keeps logs of all imaging, hash, wipe, format, and push operations. Logs can be viewed directly on the Talon Ultimate or from a computer’s browser (if the Talon Ultimate is connected to a network). When using Drive to File mode (DD, E01, or EX01), log files are also stored in the Destination drive in the same folder as the image files. The log files in the Destination drive are available in PDF, HTML, and XML formats. In addition to viewing, the logs can be exported to an external USB location such as a USB flash drive. Logs are exported in PDF, HTML and XML format. Logicube Talon Ultimate™ User’s Manual 63 DEFAULT PASSWORDS From this screen, log files can also be deleted one at a time or all at once. Sample log viewed on-screen: The log file may contain several sections, depending on what settings and options were chosen during the operation, including: Information on the Talon Ultimate and its settings Case info (if entered) Source and Destination hashes See Section 3.51 for instructions on how to export the log files. See Section 3.5.2 for instructions on how to delete the log files. See Section 3.5.3 for instructions on how to Accessing the logs over a network. Logicube Talon Ultimate™ User’s Manual 64 DEFAULT PASSWORDS 5.0.6 Statistics This will display four tabs: About, Adv. Drive Statistics, Options, and Network Interface Stats About – This screen will show information about the Talon Ultimate including the current software installed. Adv. Drive Statistics – This shows S.M.A.R.T. (Self-Monitoring, Analysis and Reporting Technology) information taken directly from what the drive is reporting. Navigate between drives by using the left and right scroll arrows. The up and down scroll arrows scroll through the different information. The information shown is the raw value tracked by the drive and is not translated. Logicube Talon Ultimate™ User’s Manual 65 DEFAULT PASSWORDS Options – Displays which optional software is available and what is installed. Network Interface Stats – Displays the Network Interface statistics (Receive and Transfer bytes, packets, drops, and errors, and the link status). 5.0.7 System Settings The System Settings screen allows users to configure five different settings for the Talon Ultimate: User Profiles/Configurations Passwords Encryption Settings Language/Time Zone Display Logicube Talon Ultimate™ User’s Manual 66 DEFAULT PASSWORDS 5.0.7.1 User Profiles/Configurations This screen shows all user profiles/configurations for the Talon Ultimate. There are three options in this screen: New – Allows the user to create a new profile/configuration name. Save – Saves the selected profile/configuration. Load – Loads the selected profile/configuration. The Talon Ultimate will boot with the profile/configuration that has an asterisk (*) next to the name. User Profiles/Configurations can be copied from one Talon Ultimate to another using the Command Line Interface. Profiles/Configurations can also be backed up to a USB flash drive and restored if needed. More information including detailed step-by-step instructions can be found in Section 9.6. Profiles/configurations allow users to create different profiles or configurations. The profile/configuration can then be saved. When a profile/configuration is loaded using the Load icon, the Talon Ultimate will load that configuration during its boot process. For example, if the user wants the Talon Ultimate to always boot up with the default imaging mode to Drive to File with the setting of E01 with a segment size of 2GB: 1. Turn the Talon Ultimate off then back on. This will reset all settings to its default configuration. This is an important step to help ensure only the changes desired will be the changes saved. Logicube Talon Ultimate™ User’s Manual 67 DEFAULT PASSWORDS 2. Go to the Imaging screen and set the Mode to ‘Drive to File. 3. In the Settings, set the image to E01 and set the segment size to 2GB. 4. In the System Settings, go to User Profiles/Configurations and tap the New icon. 5. Type a name for this profile. For example, E01-2GB and tap the OK icon. The profile name should appear on the screen. 6. Tap the newly saved profile and tap Save. A confirmation screen will appear: 7. Tap the Yes icon to save the profile. 8. Make sure the profile to be loaded (during the boot process) is highlighted (in this case, E01-2GB.DB) and tap the Load icon. A confirmation screen will appear: 9. The profile is now loaded. Also, the next time the Talon Ultimate is turned on it will load the E01-2GB.DB profile. To delete a profile, tap the (delete) icon. A confirmation screen will appear. Tap the Yes icon to delete the selected profile. It is highly recommended that the Talon Ultimate is turned off then back on before making any changes to the profiles/configurations. This helps ensure that only the desired changes are saved. Logicube Talon Ultimate™ User’s Manual 68 DEFAULT PASSWORDS Do not highlight and save over the INITIAL.DB configuration. This is the default configuration of the Talon Ultimate and is used to reset the Talon Ultimate to the factory default settings. 5.0.7.2 Passwords There are two sets of passwords that can be entered on the Talon Ultimate. Log File Deletion Password – A password can be set as an extra layer of protection when deleting log files. If this password is set, Talon Ultimate will prompt for the password before any log files can be deleted. Config Lock – The Talon Ultimate can be configured to lock out any configuration changes. When this is enabled, changes to the different types of operations cannot be made without entering the correct key or password. Different types of operations can still be started. For example, when the Talon Ultimate is locked, and it is configured for Drive to Image Imaging mode, the user will be unable to change this mode to Drive to Drive or File to File, but can start the Drive to Image task. Tap Password or Key to enter a log file deletion password or a config lock key. The following screen will appear. Logicube Talon Ultimate™ User’s Manual 69 DEFAULT PASSWORDS Tap the Enable icon to enter a password or key. The available characters are 0 through 9 and A through F. 5.0.7.2.1 Additional information for Config Lock Tap the Auto Lock icon to set the time to automatically lock the configuration and require a password. By default, this is set to 1 minute. A shortcut (and indicator) to the config lock can always be seen on the Talon Ultimate’s screen. It is located on the top-right of the screen, next to the Talon Ultimate logo. While in a locked state, the following operations will be affected as follows: Imaging – An imaging task can be started, but no settings can be changed. Additionally, no new task can be added, and no task can be deleted without the unlock key. Hash – A hash task can be started, but no settings can be changed. Additionally, no new task can be added, and no task can be deleted without the unlock key. Wipe – A wipe task can be started, but no settings can be changed. Additionally, no new task can be added, and no task can be deleted without the unlock key. USB Device – Since there are no settings or configurations for this operation, it is not affected by Config Lock. Logs – Since there are no settings or configurations for this operation, it is not affected by Config Lock. Statistics – Since there are no settings or configurations for this operation, it is not affected by Config Lock. Logicube Talon Ultimate™ User’s Manual 70 DEFAULT PASSWORDS System Settings – This entire section cannot be accessed without the unlock key. Software Updates – This entire section cannot be accessed without the unlock key. Power Off – This entire section cannot be accessed without the unlock key. The Passwords can be saved into a user profile/configuration and loaded each time the Talon Ultimate is turned on. See Section 5.0.7.1 for more information on saving and loading a user profile/configuration. The Talon Ultimate can still be turned off without the unlock key by using the power button located on the top of the Talon Ultimate. Remember the Config Lock Key! If the Talon Ultimate is configured to load with the Config Lock set (enabled) the only way to delete the Config Lock is to reset the Talon Ultimate using the Command Line Interface (CLI). 5.0.7.2.2 Forgotten password or config lock key If the Log File Deletion password or Config Lock key is forgotten, the Talon Ultimate will need to be reset using the Command Line Interface (CLI). See Section 10.2 for more information on how to connect to the Talon Ultimate using the CLI. Once connected to the CLI: Logicube Talon Ultimate™ User’s Manual 71 DEFAULT PASSWORDS 1. Login with the username “it” (without the quotes) and the password “it” (without the quotes). 2. From the main prompt, type command then press the enter key. 3. Type config then press the enter key. 4. Type db list then press the enter key. This will show a list of databases or configurations saved. The example below shows two databases (the default initial.db and Lock.db). The db that shows an asterisk (*) before the name is the current database or configuration being loaded each time the Talon Ultimate is turned on. 5. Type db load initial.db then press the Enter key to load the default database. There should be a response showing “Command (DbManagement) Successful”. 6. Type db list again and there should be an asterisk (*) on initial.db. 7. Turn the Talon Ultimate off using the power switch located in the back of the device, and close the Telnet/SSH application. 8. Wait for the Talon Ultimate to completely turn off then turn it back on. When the Talon Ultimate boots up, it will load the default configuration. The default configuration can be checked by going to System Settings and looking at the User Profiles/Configurations tab. INITIAL.DB should have an asterisk next to it (as seen below). Logicube Talon Ultimate™ User’s Manual 72 DEFAULT PASSWORDS 5.0.7.3 Encryption Settings The Talon Ultimate allows imaging drives onto a Destination where the data on the Destination drive is encrypted. Destination drives that are encrypted by the Talon Ultimate can be decrypted by using the Talon Ultimate or third party software (VeraCrypt, TrueCrypt, or FreeOTFE). For in-depth information on encrypting and decrypting a drive using the Talon Ultimate, or decrypting a drive using VeraCrypt, TrueCrypt, or FreeOTFE, please see Chapter 7: Drive Encryption and Decryption. There are 4 parameters that must be configured before encryption can be used. These 4 parameters are necessary to decrypt and read the Destination drive properly: Cipher Mode – Users can choose between VCRYPT, TCXTS, CBC (cbc-plain64.) or ECB (cbc-essiv:sha256) cipher modes. Cipher – At this time, only the AES-256 cipher is supported. IV Generation – Unavailable when VCRYPT or TC-XTS cipher mode is selected. If CBC or ECB cipher mode is selected, users can choose between PLAIN64 and ESSIV:SHA256. Encryption (Password or Key) – Users must choose their own encryption password/key. There are 2 imaging modes in which encryption can be used: Drive to File – Images the Source to any of the following image output formats: DD, E01, and EX01. This will have a partition level encryption where only the partition (on the Destination or Repository) where the images are created will be encrypted. File to File – Image specific files (by filename, extension, etc.). The files will be sorted by path (based on where the file is located on the Source and each file will be hashed. This will have a partition level encryption where only the partition (on the Destination or Repository) where the images are created will be encrypted. There are many articles on the Internet about AES-256 encryption and the different modes and settings that come with encryption. Logicube Talon Ultimate™ User’s Manual 73 DEFAULT PASSWORDS 5.0.7.4 Language/Time Zone The Talon Ultimate’s menu system’s language can be changed. At this time, the available languages are English, Chinese (中文), Korean (한국어), and Japanese (日本語). This screen also allows the time zone to be set. 5.0.7.4.1 Language Four languages are available at this time. Select English, Chinese (中文), Korean (한국어), or Japanese (日本語) to change the language displayed. As soon as the selection is made, the Talon Ultimate’s screen (or the computer’s Internet browser) will automatically refresh and display the selected language. The Custom button is reserved for future language releases. 5.0.7.4.2 Time Zone The Talon Ultimate utilizes NTP (Network Time Protocol). Each time the Talon Ultimate is connected to a network with internet access, it will automatically check for the correct time using NTP and adjust the time as needed. The Talon Ultimate also has a time zone setting. Tap Time Zone to select the time zone region. Tap the OK icon to continue. Logicube Talon Ultimate™ User’s Manual 74 DEFAULT PASSWORDS After selecting the region, select the time zone where the Talon Ultimate is located. Tap the OK icon to set the time zone. 5.0.7.5 Display Brightness – The Talon Ultimate’s screen’s brightness may need to be adjusted, depending on the user’s preference. To adjust the brightness, use the left or right arrow icons on the screen. The screen’s brightness will adjust accordingly. The screen brightness cannot be saved and loaded as a user profile/configuration. Each time the Talon Ultimate boots, the brightness will be reset to 80%. Logicube Talon Ultimate™ User’s Manual 75 DEFAULT PASSWORDS Stealth Mode – Stealth mode turns the Talon Ultimate’s screen off, allowing privacy so no one can see what the Talon Ultimate is doing. When Stealth mode is activated, currently running operations continue to run. To turn Stealth mode on, tap ON. To turn Stealth mode off and restore the Talon Ultimate’s display, tap anywhere on the screen. Stealth mode will not have any effect when using the Graphical User Interface through a computer’s Internet browser. 5.0.8 Network Settings The Network settings screen allows certain services to be enabled or disabled in the Services tab. There is also an HTTP Proxy tab where proxy server information can be entered. 5.0.8.1 Services There are 6 services that can be disabled (enabled by default): SSH – Disabling this will block Secure Shell (SSH) traffic. Telnet – Disabling this will block Telnet traffic. HTTP – Disabling this will block web browser connections to the Talon Ultimate. Logicube Talon Ultimate™ User’s Manual 76 DEFAULT PASSWORDS CIFS/NETBIOS – Disabling this will block any CIFS or NETBIOS connection to the Talon Ultimate (for example, Windows Explorer). Iperf – Disabling this will block Iperf traffic (a network tool to measure bandwidth performance). Ping – Disabling this will block ping access to the Talon Ultimate. Disabling any of the services above will disallow the types of communication controlled by those services. For example, if HTTP is disabled, users will not be able to see the Talon Ultimate through a web browser over the network. Please contact your Network or Systems Administrator before changing any of these services. 5.0.8.2 HTTP Proxy If the network the Talon Ultimate is connected to uses an HTTP proxy server to access the Internet, a proxy settings may need to be set in order for the Talon Ultimate to be able to update software from a network (over the internet),. This typically includes a server (or IP address), a host port, a username and password. 5.0.8.2.1 Server Tap the Server icon to set the IP address (or server name) and port of the proxy server. Logicube Talon Ultimate™ User’s Manual 77 DEFAULT PASSWORDS 5.0.8.2.2 Username/Password If the proxy server requires a username and password for authentication, tap the Username/Password icon to set this information. 5.0.9 Software Update New and improved software will be released from time to time. There are two ways to update the software on the Talon Ultimate: From the web via a network connection or from a USB drive. For the latest step-by-step instructions on how to update the Talon Ultimate software, please read the Talon Ultimate Software readme file located on the Talon Ultimate Support page on the Logicube website at http://www.logicube.com. In-depth information on updating the Talon Ultimate software can be found in Chapter 8: Updating the Talon Ultimate Software. 5.0.10 Power Off There are two tabs in the Power Off screen: Logicube Talon Ultimate™ User’s Manual 78 DEFAULT PASSWORDS POWER OFF – The Talon Ultimate can be remotely turned off by going to this tab. Additionally, the Graphical User Interface (GUI) can be refreshed. DRIVE POWER – Inactive drives connected to the Talon Ultimate can be set to go to standby mode in this tab. The default is set to 0 minutes (OFF). Logicube Talon Ultimate™ User’s Manual 79 6: Security – Changing the default passwords 6.0 Changing the default passwords - Introduction The Talon Ultimate comes with default accounts created. It is highly recommended to change the default passwords for security purposes. logicube it If the new password(s) cannot be remembered, a system recovery must be performed to reset the passwords back to the default values. Contact Logicube Technical Support for instructions on how to perform a system recovery. 6.0.1 Changing the logicube password For the username: logicube 1. Telnet or SSH to the Talon Ultimate and login using the user logicube and the password logicube. Alternatively, you can connect a USB keyboard one of the two USB ports in front of the Talon Ultimate then use the following key combinations: Alt+2 then Alt+Shift+Enter. 2. Once logged in and/or the logicube prompt appears, type the following commands, one line at a time (Press the Enter key after each command/line): sudo mount -o remount,rw / passwd 3. The following prompt will appear: Changing password for logicube. (current) UNIX password: 4. Type the current password (by default, “logicube” without the quotes) then press the Enter key. The following prompt will appear: Enter new UNIX password: 5. Type a new password then press the Enter key. The following prompt will appear: Retype new UNIX password: 6. Type the new password again then press the Enter key. The following response should appear: ® Logicube Talon Ultimate User’s Manual 80 DEFAULT PASSWORDS passwd: password updated successfully 7. Type the following command then press the Enter key: sudo mount -o remount,ro / 8. Close the Telnet or SSH client or if you are directly connected to the Talon Ultimate with a USB keyboard, use the following key combinations: Alt+1 6.0.2 Changing the it password To change these passwords, you will need to telnet or SSH to the Talon Ultimate (see sections 9.3.1 and 9.3.2 for instructions on how to connect via Telnet or SSH). 1. Login with the username it and the default password it. The Command Line Interface (CLI) should appear. 2. Type the following commands one line at a time (Press the Enter key after each command/line): command config user set –n it –p xxxxx –g itgrp xxxxx would be the new password you would like to use for the IT user account. 3. Once the new password is entered, the telnet or SSH connection should be terminated/disconnected. Logicube Talon Ultimate™ User’s Manual 81 7: Drive Encryption and Decryption 7.0 Drive Encryption/Decryption - Introduction The Talon Ultimate allows imaging drives onto a Destination where the data on the Destination drive is encrypted. This is only supported when using the Drive to File mode. Talon Ultimate can also decrypt drives that were encrypted using the Talon Ultimate. Alternatively, third party utilities can be used to decrypt a drive encrypted by the Talon Ultimate such as VeraCrypt, TrueCrypt, and FreeOTFE. In the System Settings screen, there is an Encryption Settings tab used to configure the Talon Ultimate for encryption. There are up to four (4) parameters that must be configured before encryption can be used. These parameters are necessary to decrypt and read the Destination drive and can be configured in the Encryption Settings page on the Talon Ultimate: Cipher Mode – Users can choose between TC-XTS, CBC, ECB, or VCRYPT cipher modes. CBC or ECB cipher modes can be decrypted using the Talon Ultimate or FreeOTFE. TC-XTS cipher mode can be decrypted using the Talon Ultimate or TrueCrypt. VCRYPT cipher mode can be decrypted using the Talon Ultimate or VeraCrypt. The Talon Ultimate encrypts drives using AES 256 encryption regardless of what cipher mode is used. If TC-XTS is used, Talon Ultimate uses a TrueCrypt friendly format and does not use TrueCrypt to encrypt the drive. The encryption key is not stored on the Destination drive. Cipher – At this time, only the AES-256 cipher is supported. IV Generation – Initialization Vector. Only available when CBC or ECB cipher mode is selected. Choose between PLAIN64 and ESSIV:SHA256. Encryption (Password or Key) – Users must choose their own encryption password/key. There are many articles on the Internet about AES-256 encryption and the different modes and settings that come with encryption. ® Logicube Talon Ultimate User’s Manual 82 DRIVE ENCRYPTION & DECRYPTION 7.1 Encrypting a Destination To encrypt a Destination, the Encryption settings must be set and the drive will need to be formatted using the Talon Ultimate. These steps must be performed prior to an Imaging operation. 7.1.1 Step-by-step Instructions 1. 2. 3. 4. 5. Select System Settings from the types of operation on the left side. Tap the Encryption Settings tab. Set the Cipher Mode, Cipher, IV Generation, and Password. Select Wipe from the types of operation on the left side. Tap the Destination icon and select the Destination drive to be formatted and encrypted. 6. Tap the Settings icon. If the Destination needs to be wiped, choose the type of wipe to be performed (Secure Erase and/or Wipe Patterns). If Wipe Patterns is selected, choose the type of Wipe Pattern to perform (DoD or Custom). If the drive has an HPA or DCO area that needs to be wiped, tap the HPA/DCO icon and select Yes to wipe the HPA or DCO area of the drive. If a Wipe Pattern was selected, tap the Passes icon to edit the number of passes and what gets written on each pass. If DoD was selected, a 7th pass value must be chosen. 7. Tap the Format Settings icon to change the Format setting. a. Set Format to ON. b. Select the desired File System (EXT4 or NTFS). c. Set Encryption to ON. When finished, tap the OK icon. Logicube Talon Ultimate™ User’s Manual 83 DRIVE ENCRYPTION & DECRYPTION The Talon Ultimate will perform each of the settings sequentially. For example, if Secure Erase is set to ON, a Wipe Pattern mode is specified, and Format is set to On, the Talon Ultimate will first secure erase the drive, then wipe the drive according to the mode specified, then format the drive. 8. Tap the Start icon to start the wipe task. The Talon Ultimate will perform a Secure Erase first (if selected), then a Wipe Pattern (if selected), then finally a Format with encryption. 7.1.2 Using previously encrypted Destination drives If a previously encrypted Destination drive is going to be used and the Talon Ultimate has been turned off since the last time the encrypted drive was used, the encryption settings must be set with the same encryption settings previously used before connecting the drive. 1. Turn the Talon Ultimate on. Make sure the previously encrypted Destination drive is not connected. 2. From the main menu, select System Settings from the types of operations on the left side. 3. Tap the Encryption Settings tab. 4. Set the Cipher Mode, Cipher, IV Generation, and Password that was used for the previously encrypted Destination drive. 5. Connect the previously encrypted Destination drive to one of the Destination ports. If the same encryption settings are commonly used, the encryption settings and configuration can be saved as a profile so they do not have to be entered manually all the time. 7.2 Decrypting a Talon Ultimate encrypted Destination drive with a Talon Ultimate Talon Ultimate can decrypt a Destination drive encrypted by the Talon Ultimate. To decrypt the drive using a Talon Ultimate, the correct encryption settings must be set. After the encryption settings are set, the drive needs to be connected to the Talon Ultimate, and the Talon Ultimate can then be connected to a computer via USB. This mode of operation is only available with the activation of the optional USB 3.0 Device Port Option which enables the front micro-B USB 3 port. Logicube Talon Ultimate™ User’s Manual 84 DRIVE ENCRYPTION & DECRYPTION If the Destination drive was formatted with the EXT4 file system, please read Chapter 11 for information on how to view EXT4 in Windows. 7.2.1 Step-by-step Instructions 1. Turn the Talon Ultimate on. Make sure the previously encrypted Destination drive is not connected. 2. From the main menu, select System Settings from the types of operations on the left side. 3. Tap the Encryption Settings tab. 4. Set the Cipher Mode, Cipher, IV Generation, and Password. These should be set to the same values as to how the drive was encrypted. If the values are incorrect, the drive will not be decrypted properly and the data will be unrecognizable. 5. Connect the previously encrypted Destination drive to one of the Destination ports. 6. Select USB Device from the types of operation on the left side. When this type of operating is selected, the following screen will appear: 7. Choose the drive to be viewed then tap the ENGAGE icon. The ‘DRIVE STATUS’ for the selected drive will change to “ENGAGED” and the ENGAGE icon will change to DISENGAGE. At this point, connect a USB cable between the computer and the Talon Ultimate. Logicube Talon Ultimate™ User’s Manual 85 DRIVE ENCRYPTION & DECRYPTION 8. Connect a micro-B USB 3 cable (A to micro-B) between the computer and the Talon Ultimate. Connect the micro-B connector to the Talon Ultimate’s USB Device Port located on the front panel of the Talon Ultimate. Connect the USB A connector to an available USB port on the computer. 9. After a few moments, Windows should assign a drive letter to the selected drive. The contents of the drive should now be accessible in Windows. 10. When finished, tap the DISENGAGE icon to disengage the USB mode. The USB cable can now be disconnected from the computer and the Talon Ultimate. If the data on the drive is unrecognizable, disconnect the drive, then double-check the encryption settings (steps 2 through 4), then re-connect the drive 7.3 Decrypting the drive without a Talon Ultimate In order to mount and read an encrypted Destination drive in Windows, without using a Talon Ultimate, Logicube recommends one of three third-party utilities called VeraCrypt, TrueCrypt or FreeOTFE. Other utilities may work, but are not supported or tested by Logicube. VeraCrypt can be downloaded from: https://veracrypt.codeplex.com/ TrueCrypt can be downloaded from (for decryption purposes only): http://truecrypt.sourceforge.net/ FreeOTFE can be downloaded from: http://sourceforge.net/projects/freeotfe.mirror/files/latest/download To install FreeOTFE the verification of signed drivers must be disabled. Here is a link that might help: http://en.kioskea.net/faq/3914-windows-7-disable-signature-verification-ofdrivers There are other ways of installing unsigned drivers. Several different ways can be found by searching the Internet for “install unsigned drivers”. If the Destination drive was formatted with the EXT4 file system, please read Chapter 11 for information on how to view EXT4 in Windows. Logicube Talon Ultimate™ User’s Manual 86 DRIVE ENCRYPTION & DECRYPTION 7.3.1 Which decryption software to use? The decryption software to use (VeraCrypt, TrueCrypt or FreeOTFE) depends on how the Destination drive was encrypted. VeraCrypt – Use this software if the Destination drive was encrypted with the VCRYPT cipher mode. TrueCrypt – Use this software if the Destination drive was encrypted with the TC-XTS cipher mode. FreeOTFE – Use this software if the Destination drive was encrypted with the CBC or ECB cipher mode. 7.3.2 Decrypting using VeraCrypt Requirements: VeraCrypt installed. A drive encrypted by the Talon Ultimate using the VCRYPT cipher mode connected to the computer with VeraCrypt. 1. Once the drive is connected to the computer, Open VeraCrypt. Logicube Talon Ultimate™ User’s Manual 87 DRIVE ENCRYPTION & DECRYPTION 2. Click Select Device and choose the partition of the connected drive then click OK. 3. Click Mount. Logicube Talon Ultimate™ User’s Manual 88 DRIVE ENCRYPTION & DECRYPTION 4. Type the encryption password in the Password field. Click on the checkbox for Use PIM. 5. Once Use PIM is checked, a new field will appear. Type 100 in the Volume PIM field then click OK. 6. The drive should now be mounted and assigned a drive letter. Logicube Talon Ultimate™ User’s Manual 89 DRIVE ENCRYPTION & DECRYPTION 7. The drive should now be accessible in Windows. 7.3.3 Decrypting using TrueCrypt Requirements: TrueCrypt properly installed. A drive encrypted by the Talon Ultimate using the TC-XTS cipher mode connected to the computer with TrueCrypt. 1. Once the drive is connected to the computer, open TrueCrypt and select Volumes from the menu system, then click Select Device… Logicube Talon Ultimate™ User’s Manual 90 DRIVE ENCRYPTION & DECRYPTION 2. The ‘Select a Partition or Device’ window will appear. Select the partition of the drive. Do not select the actual drive itself. Click OK to continue. 3. Verify the Volume shows the correct device and partition. Click Mount to continue. Logicube Talon Ultimate™ User’s Manual 91 DRIVE ENCRYPTION & DECRYPTION 4. The password screen will appear. Enter the password used to encrypt the drive then click OK to continue. TrueCrypt has a setting to mount the drive as “read-only” which is a software write-block. This setting can be found by clicking Mount Options… A hardware write-block device may be used instead, if needed. 5. TrueCrypt will mount the drive and assign it a drive letter. Logicube Talon Ultimate™ User’s Manual 92 DRIVE ENCRYPTION & DECRYPTION 6. The Destination drive should now be accessible in Windows. If the Destination drive was formatted with the EXT4 file system, and Ext2Fsd is not installed, the following messages may appear in Windows. Make sure Ext2Fsd is installed if the Destination drive was formatted with the EXT4 file system. 7.3.4 Decrypting using FreeOTFE Requirements: FreeOTFE properly installed A drive encrypted by the Talon Ultimate using the CBC or ECB cipher mode connected to the computer with FreeOTFE. Logicube Talon Ultimate™ User’s Manual 93 DRIVE ENCRYPTION & DECRYPTION 1. Open FreeOTFE. In the main window, click File then Linux volume then Mount partition… 2. Select the encrypted disk to mount (in this example, it is Disk #5). Place a check mark on the Entire disk option. FreeOTFE cannot read the partition table on the drive since it is encrypted at this time. 3. In the Key tab, enter the Key (password) and make sure the Hash is set to RIPEMD-160. Logicube Talon Ultimate™ User’s Manual 94 DRIVE ENCRYPTION & DECRYPTION 4. In the Encryption tab, set the Cipher to AES (256 bit CBC). Set the Initialization Vector (IV) generation method to match what was used in the IV Generation on the Talon Ultimate. In this example, “plain64’ was used. In the ‘Sector zero location’, choose Start of encrypted data. 5. In the File options tab, set the Offset to 1048576. Since the Talon Ultimate uses the EXT4 file system, the offset is at 2048 sectors, or 1048576 bytes. Logicube Talon Ultimate™ User’s Manual 95 DRIVE ENCRYPTION & DECRYPTION OPTIONAL: In the Mount options tab, the disk can also be mounted with write protection. To do so, make sure the Mount readonly option is checked. Windows may not mount the drive if this option is checked. If this is the case, use a write-protect device and uncheck the Mount readonly option. 6. Click the OK button. The following warning screen may appear. Click the Yes button to continue. 7. FreeOTFE will mount the drive and assign a drive letter. Logicube Talon Ultimate™ User’s Manual 96 DRIVE ENCRYPTION & DECRYPTION 8. Click the OK button to continue. The drive should appear in the FreeOTFE window. 9. The Destination drive should now be accessible in Windows. If the Destination drive was formatted with the EXT4 file system, and Ext2Fsd is not installed, the following messages may appear in Windows. Make sure Ext2Fsd is installed if the Destination drive was formatted with the EXT4 file system. Logicube Talon Ultimate™ User’s Manual 97 8: Updating the Talon Ultimate Software 8.0 Loading New Software New and improved software will be released from time to time and will always be available on the Talon Ultimate support page. Browse to http://www.logicube.com. Point your mouse to Tech Support and select Product Knowledge Base. 8.1 Software Loading Instructions There are two methods of how to update the Talon Ultimate software: A. FROM NETWORK – Via the Internet through a network connection B. FROM USB DRIVE – Via software file download onto a USB drive flash. The actual software installation will take about 5 minutes. If FROM NETWORK was chosen, the total time can exceed 10 to 20 minutes (or longer) depending on Internet speeds and Internet traffic. The most up-to-date instructions on updating the software can be found on the Talon Ultimate’s support page. 8.1.1 From Network – Via the web 1. Connect the Talon Ultimate to a network with Internet access. Set the proxy settings (IP settings) if necessary. Attach a network cable to the back of the Talon Ultimate. The Talon Ultimate is DHCP enabled by default. 2. From the main menu on the Talon Ultimate, tap the down arrow twice then tap the Software Updates icon. A screen will appear showing the current version of software installed towards the top of the screen. 3. Select From Network. The Talon Ultimate will check for a newer version on the web. If one is found, it will display the version on the screen and the Update icon will be selectable. 4. Tap the Update icon to begin the update. A confirmation screen will appear. Tap Yes to continue the update. ® Logicube Talon Ultimate User’s Manual 98 UPDATING TALON ULTIMATE SOFTWARE 5. Do not interrupt the update process. It may take several minutes. Once completed, a ‘Successful’ screen will appear. 6. Reboot the Talon Ultimate by turning the unit off then back on using the Power switch in the back of the unit. 7. Verify the software version at the top of the ‘Software Updates’ screen. 8.1.2 From USB Drive – Via software download The latest software can also be downloaded from Logicube’s website and be placed onto a USB flash drive. It is recommended to use an empty USB flash drive. Download the latest software from the Talon Ultimate product support page at http://www.logicube.com/knowledge/Talon-Ultimate 1. Download the zip file from the download page. 2. Extract the contents of the downloaded zip file to the root of the USB flash drive (the file must not be in any folder). Do not connect the USB flash drive yet. The Talon Ultimate will display a message when to connect the USB drive. If the computer being used to extract the contents of the downloaded zip file has the software WinZip, or other third party zip software, please review Section 8.1.2.1 before proceeding. 3. From the main screen, tap the Software Updates icon. 4. Select From USB Drive. The Talon Ultimate will prompt for the USB drive to be connected to USB_S1. 5. Connect the USB drive to USB_S1. Talon Ultimate will then check for the version of the software on the USB drive and will display that version on the box next to the selected location. 6. Tap the Update icon to begin the update. A confirmation screen will appear. Tap Yes to continue the update. Do not interrupt the update process. It may take several minutes. Once completed, a ‘Successful’ screen will appear. 7. Reboot the Talon Ultimate by turning the unit off then back on using the Power switch in the back of the unit. 8. Verify the software version at the top of the ‘Software Updates’ screen. Logicube Talon Ultimate™ User’s Manual 99 UPDATING TALON ULTIMATE SOFTWARE 8.1.2.1 Extracting the software download on a computer with WinZip (or other third party zip software) WinZip and other third party zip software may improperly extract the files required for the software update. There are compressed files within the download that need to stay compressed. If the computer being used to extract the software download has WinZip or other third party zip software, it is highly recommended to use the built-in utility in Windows. If the downloaded zip file is highlighted and WinZip is installed, there will be an option to ‘Open with WinZip’. A computer without WinZip installed will have an option to ‘Open’ when the file is highlighted. If WinZip is installed, highlight the downloaded zip file then click the arrow pointing downward next to ‘Open with WinZip’. A drop-down menu will appear. Select Windows Explorer. Windows Explorer will open the zip file and the files can be extracted using the Extract all files function to the USB flash drive. This will bypass WinZip and use the built in utility in Windows. Logicube Talon Ultimate™ User’s Manual 100 UPDATING TALON ULTIMATE SOFTWARE 8.2 Firmware Loading Instructions Some software releases may contain a firmware upgrade. The steps below outline how to check if the Talon Ultimate requires a firmware upgrade: After the software is updated on the Talon Ultimate, from the main menu, tap the down arrow twice then tap the Software Updates icon. 2. Tap the “Firmware Update” page. One of two screens will appear: a. FIRMWARE UPGRADE AVAILABE – Tap the Update icon. A message will appear: “FIRMWARE UPDATE COULD TAKE UP TO A FEW MINUTES TO COMPLETE; PLEASE DO NOT INTERRUPT POWER DURING THIS TIME. ON COMPLETION THE UNIT WILL AUTO-RESTART AND CONFIRM THE UPDATE.” Tap the OK icon to start the firmware update process. 1. When the OK icon is tapped, the screen may appear to do nothing. Do not keep tapping the OK icon. The firmware update will take no more than 60 seconds. When the firmware update finishes, the Talon Ultimate will reboot automatically. b. FIRMWARE UPGRADE NOT AVAILABLE – This message will appear if the device does not require a firmware update. No further action is necessary if this message appears. Logicube Talon Ultimate™ User’s Manual 101 9: Remote Operation 9.0 Remote Operation - Introduction The Talon Ultimate comes with a gigabit network connection in the back of the unit. Connecting the Talon Ultimate to a network allows remote access to the Talon Ultimate from any computer within the same network. The Talon Ultimate is configured for DHCP by default. See Section 9.5 for instructions on how to configure the Talon Ultimate with a Static IP address. The Talon Ultimate is setup with a Zero Configuration Network (Zeroconf). There are two ways to access the Talon Ultimate: Web interface – A graphical interface using an Internet browser where the screens are shown exactly the way they appear on the Talon Ultimate Command Line Interface (CLI) – A text only command line interface that can be accessed one of two ways: i. Telnet (via a network connection) ii. SSH (Secure Shell via a network connection) BROWSER COMPATIBILITY: Google Chrome and Mozilla Firefox are recommended. Other browsers may not display the Graphical User Interface (GUI) properly. 9.1 Web Interface Using a web browser, go to the IP address or the name of the Talon Ultimate with its serial number. Both IP address and serial number can be found by going to the Statistics screen on the Talon Ultimate. For example, browse to http://192.168.1.100 or http://talon-XXXXXX where XXXXX is the 6 digit serial number of the Talon Ultimate. The Talon Ultimate’s web interface will appear on the browser screen. All screens and operations available on the Talon Ultimate will be available on the browser. On some browsers or Operating Systems, the Talon Ultimate will need to be accessed by browsing to http://talon-XXXXXX.local. The Talon Ultimate can be controlled by clicking on the icons appearing on the browser window. ® Logicube Talon Ultimate User’s Manual 102 REMOTE OPERATION 9.2 Command Line Interface (CLI) The Talon Ultimate also has a CLI, or Command Line Interface. This interface has no graphical content and is all command line (text) based and is for advanced users who have knowledge of command line functions. This type of connection requires a Telnet or SSH client. There are several telnet and SSH clients available from different software companies. Microsoft Windows also has a built-in Telnet client that can be used. Windows XP has a built-in Telnet client. Windows Vista, 7, 8, 8.1, and 10 have a built-in Telnet client but is not installed by default. Installing the Telnet client may require the assistance of a Network or Systems Administrator. Other third party Telnet programs are available. All versions of Windows do not have a built-in SSH client. The instructions in this manual only refer to the clients that come with Windows. There are many third party Telnet or SSH clients available. For instructions and support for third party clients, please contact the software manufacturer. 9.3 Installing the Telnet client in Windows Vista, 7, 8, 8.1, or 10 By default, the Telnet Client is not installed with Windows, but it can be installed it by following the steps below: 1. Open Control Panel and select either Programs & Features or Programs. 2. Click Turn Windows features on or off. If a prompt for an administrator password or confirmation, type the administrator password or provide confirmation (A Network or Systems Administrator may be required for administrator access). 3. In the Windows Features dialog box, select the Telnet Client check box. 4. Click OK. The installation might take several minutes. 9.3.1 Connecting via Telnet Once the Telnet client is installed, follow the steps below to connect using the Windows Telnet client. 1. Connect the Talon Ultimate to the network by attaching a network cable (CAT 6 type) to the RJ45 connector in the back of the Talon Ultimate. 2. Turn the Talon Ultimate on and allow it to boot up completely. 3. Open the Telnet client. a. For Windows XP, click Start > Run. The Run window should appear. Type telnet in the Open: field and press Enter. The Telnet window should appear. Logicube Talon Ultimate™ User’s Manual 103 REMOTE OPERATION b. For Windows Vista or 7, click Start and in the Search field, type Telnet. Telnet should appear in search results. 4. Type open followed by the IP address or name of the Talon Ultimate. For example open 192.168.1.100 or open Talon Ultimate-XXXXXX where XXXXXX is the 6 digit serial number of the Talon Ultimate, then press Enter. The Talon Ultimate login screen should appear. Note: On some Operating Systems, the Talon Ultimate will need to be accessed by opening Talon Ultimate-XXXXXX.local. 5. Login with the username “it” (without the quotes) and the password “it” (without the quotes). 6. A prompt should appear on the Telnet window. 7. The Talon Ultimate can now be configured or managed via the command line interface. 9.3.2 Connecting via SSH Connecting to the Talon Ultimate via SSH (Secure Shell) is very similar to connecting via Telnet. Since Windows does not have a built-in SSH client, a third party SSH client will need to be downloaded and installed to connect via SSH. For instructions and support on how to use third party SSH clients, please contact the SSH client’s manufacturer. 1. Connect the Talon Ultimate to the network by attaching a network cable (CAT 6 type) to the RJ45 connector in the back of the Talon Ultimate. 2. Turn the Talon Ultimate on and allow it to boot up completely. 3. Open the SSH client and select an SSH connection. 4. Connect to the Talon Ultimate either by IP address or by name. The name of the Talon Ultimate will be Talon Ultimate-XXXXXX where XXXXXX is the serial number of the Talon Ultimate). On some Operating Systems, the Talon Ultimate will need to be accessed by opening Talon Ultimate-XXXXXX.local. Login with the username “it” (without the quotes) and the password “it” (without the quotes). 6. A prompt should appear in the SSH window. 5. 7. The Talon Ultimate can now be configured or managed via the command line interface. Logicube Talon Ultimate™ User’s Manual 104 REMOTE OPERATION 9.4 Zero Configuration Networking (Zeroconf) The Talon Ultimate has the capabilities for Zero Configuration Networking (Zeroconf). Zeroconf allows devices to automatically create a usable computer network based on the Internet Protocol Suite (TCP/IP). For example, when the Talon Ultimate is connected (connected via a network cable) directly to a Windows based computer that is DHCP enabled, both the Talon Ultimate and the Windows based computer will automatically configure themselves to be seen by each other using TCP/IP. 9.5 Configuring the Talon Ultimate with a static IP address The Talon Ultimate is DHCP enabled by default. Some networks do not support DHCP and require a static IP address. The Talon Ultimate can be configured with a static IP address and needs to be connected to a network with DHCP first. 9.5.1 Step-by-step instructions – Static IP address 1. Connect the Talon Ultimate to a network with DHCP. 2. Turn the Talon Ultimate on. The Talon Ultimate should automatically assign itself an IP address that the Windows computer can see. Go to the Statistics screen on the Talon Ultimate and take a look at the HostName and IPAddress. 3. Using Telnet or SSH, connect to the Talon Ultimate. Instructions on how to connect via Telnet or SSH can be found in Section 9.3.1 or 9.3.2. 4. Once logged in to the Talon Ultimate via CLI, follow these steps to set the IP address to a static IP: a. From the main prompt, type command then press the enter key. b. Type config then press the enter key. c. Type net del -n eth0 to delete the current network configuration. d. The following information is required: a static IP, the netmask, network gateway, the network nameserver, the domain. For example: i. IP Address: 192.168.1.123 ii. Netmask: 255.255.255.0 iii. Gateway: 192.168.1.10 iv. Nameserver: 192.168.1.10 (typically the same as the gateway unless the network has a specific nameserver IP. v. Domain: LG Logicube Talon Ultimate™ User’s Manual 105 REMOTE OPERATION Networks are configured differently and the necessary settings may require the assistance of a Network or Systems Administrator. e. Based on the info above, the example for this line will be to type (case sensitive): net add -n eth0 -t static -a 192.168.1.143 -m 255.255.255.0 -g 192.168.1.1 -N 192.168.1.1 -d lg then press the enter key. f. The Talon Ultimate should respond with the following: Command (DbNetworkConfig) Successful g. Now we need to save the configuration. Type db save staticip.db then press the enter key. A “Successful” message should appear. h. Type db load staticip.db to load the database configuration. i. Perform a full shut down on the Talon Ultimate. Wait about 30 seconds then turn the Talon Ultimate back on. The Talon Ultimate should load the new configuration. The IP address can be checked by going to the Statistics screen. Logicube Talon Ultimate™ User’s Manual 106 9.6 Copying User Profiles/Configurations from one Talon Ultimate to another User profiles can be copied from one Talon Ultimate to another using the Command Line Interface (CLI). The Talon Ultimate units must be on the same network and all User Profiles/Configurations will be copied over. This can be useful when non-default profiles/configurations are setup, and multiple Talon Ultimate units need to have the same profiles/configurations. Instead of configuring each Talon Ultimate one at a time, all Talon Ultimate units can have the same profiles/configurations with a few simple commands. 9.6.1 Step-by-step – Copying User Profiles/Configurations 1. Set up any (or all) User Profiles/Configurations on one Talon Ultimate. Make sure each profile/configuration is saved, and load the profile/configuration that should be loaded during each time the Talon Ultimate is turned on. 2. Connect two or more Talon Ultimate units to a network. One of the Talon Ultimate units connected should be the one with the profiles/configurations already set up. 3. Using Telnet or SSH to the Talon Ultimate with the profiles/configurations already set up, connect to the Talon Ultimate’s Command Line Interface (CLI) via Telnet or SSH (see sections 10.3.1 and 10.3.2 for more information on connecting via Telnet or SSH). 4. Once connected via CLI, log in with the following credentials: a. Username: it b. Password: it 5. From the main prompt, type command then press the Enter key. 6. Type config then press the Enter key. 7. Type db list then press the Enter key. This will show all the profiles/configurations to on this Talon Ultimate unit. Make sure that these are the profiles/configurations that need to be copied to the other Talon Ultimate units. 8. Type db push xxx.xxx.xxx.xxx where xxx is the IP address of the Talon Ultimate that the profiles/configurations will be copied to (for example, db push 192.168.1.101) then press the Enter key. The profiles/configurations on the first Talon Ultimate will be copied to the other Talon Ultimate. This may take a few minutes depending on network speeds, and the number of configurations to copy. When the process is finished, the screen will show “…Done” and the CLI prompt will appear. 9. Repeat step 8 to copy the profiles/configurations to other Talon Ultimate units. 10. When finished, reboot all the Talon Ultimate units where the profiles/configurations were copied to. They should boot up with the same profiles/configuration set. ® Logicube Talon Ultimate User’s Manual 107 10: Printing Log Files 10.0 Printing Log Files - Introduction When viewing log files through the Talon Ultimate touch screen or web interface, there is a Print icon located on the top right of the screen. This icon allows the printing of the currently viewed log file. There are two ways to print log files: Recommended - From the Web Interface using a computer on the same network the Talon Ultimate is connected to (see Section 9.1 – Web Interface). This will allow printing to any printer already set up on the computer being used. From the touch screen on the Talon Ultimate. This will print to a configured local printer (connected via USB to the Talon Ultimate) or to a networked printer. See Section 10.2 – Configuring a local or networked printer for instructions on how to set up a local or networked printer. 10.1 Printing from the Web Interface When the print icon is used on the web interface, the browser’s print dialog screen will appear. This will allow printing to any configured printer on the computer, as it is using the computer’s web browser and Operating System to print. 10.2 Configuring a local or networked printer The Talon Ultimate can also print to a local (through USB) or networked printer. The printer has to be configured using the Command Line Interface (CLI, see Section 9.3.1 and Section 9.3.2 for instructions on how to connect to the CLI using a Telnet or SSH client). Local printers will need to be connected to the talon Ultimate through an available USB 2.0 port on the front of the Talon Ultimate. Networked printers will be seen by the Talon Ultimate when connected to the same network. Once the printers are set up and configured, the configuration must be saved to a profile. ® Logicube Talon Ultimate User’s Manual 108 PRINTING LOG FILES 10.2.1 Step-by-step – Configuring a local or networked printer 1. Connect the Talon Ultimate to a network with DHCP. For networked printers, make sure the Talon Ultimate is connected to the same network. For local printers, connect the printer to an available USB 2.0 port located in the back of the Talon Ultimate. 2. Turn the Talon Ultimate on. The Talon Ultimate should automatically assign itself an IP address that the Windows computer can see. Go to the Statistics screen on the Talon Ultimate and take a look at the HostName and IPAddress. 3. Using Telnet or SSH, connect to the Talon Ultimate. Instructions on how to connect via Telnet or SSH can be found in Section 9.3.1 or 9.3.2. 4. Once logged in to the Talon Ultimate via CLI, type command then press the enter key. 5. Type config then press the enter key. 6. Type printer search then press the enter key. This will instruct the Talon Ultimate to search for all local and networked printers. Here is an example of the search results: class : network make_model : HP Color LaserJet 3600 uri : socket://192.168.1.158 class make_model uri : network : HP LaserJet P4015 : socket://192.168.2.41 class make_model uri : network : EPSON WF-2530 Series : lpd://192.168.2.48:515/PASSTHRU class make_model uri : network : Brother HL-4150CDN series : lpd://BRN001BA9A8F7EA/BINARY_P1 7. Add the printer using the following syntax (case sensitive): printer add –n <name_for_the_printer> -N –u <uri> -m <make_model> Or printer add –n <name_for_the_printer> -D –u <uri> -m <make_model> For example, to add the networked HP Color LaserJet 3600, type the following: printer add -n 3600 -N -u "socket://192.168.1.158" -m "HP Color LaserJet 3600" The CLI should respond with: Command (DbPrinterConfig) Successful Logicube Talon Ultimate™ User’s Manual 109 PRINTING LOG FILES 8. To save the printer configuration, db save printer.db (or you can use any name.db you prefer) then press the enter key. A “Successful” message should appear. 9. Type db load printer.db to load the database configuration. Each time the Talon Ultimate is turned on, the local or networked printer should be available on the Talon Ultimate’s touch screen. Logicube Talon Ultimate™ User’s Manual 110 11: Viewing EXT4 formatted Destination drives in Windows 11.0 Viewing EXT4 formatted Destination drives - Introduction The Talon Ultimate formats Destination drives using the NT File System (NTFS) or EXT4 file system. Linux Operating Systems have native support for EXT4 file systems. Windows, however, does not have native support for viewing the EXT4 file system. There are several utilities that allow viewing of the EXT4 file system in Windows. Ext2Fsd (http://www.ext2fsd.com/) is a free, open source utility driver allows EXT3 and EXT4 partitions to be viewable in Windows. The Talon Ultimate labels the formatted Destination drive as “REPOSITORY”. Logicube does not provide full support for Ext2fsd. We provide basic instructions on how to make this utility work in our scenario. For Ext2fsd support, please visit their web site above. 11.0.1 Step-by-step instructions – Using Ext2fsd 1. Download and install Ext2fsd from the website above. If Ext2fsd is already installed, skip to step 2. After installing Ext2fsd, reboot the computer. 2. Connect the Destination drive to the computer. The Talon Ultimate can be used to view the Destination drive. Alternatively, other methods can be used to connect the drive to the computer (e.g. a write block device). There are times when Windows will auto-assign a drive letter to the drive. If it auto-assigns a drive letter at this point, continue with the analysis process. There is no need to follow the other steps in these instructions. If Windows does not auto-assign a drive letter, open Ext2fsd’s Ext2 Volume Manager program. 3. Locate the Destination drive. The Destination drive should have a RAW “Partition type”. ® Logicube Talon Ultimate User’s Manual 111 VIEWING EXT4 IN WINDOWS NOTE: Here is a screen shot of what the Destination drive will look like in the Ext2 Volume Manager program. Note the Partition type is set to RAW. Here is a screen shot of the full Volume Manager window. 4. Double-click the drive. Alternatively, the drive can be highlighted, then from the menu system, go to Tools then Ext2 Volume Management. The following screen will appear. Make sure that there is a check mark next to “Automatically mount via Ext2Mgr. Also, make sure there is a drive letter assigned (to the right of this option). If not, assign an available drive letter. Click the Apply button. Logicube Talon Ultimate™ User’s Manual 112 VIEWING EXT4 IN WINDOWS Do not uncheck the “Mount volume in readonly mode” unless it is absolutely certain that the mounted drive needs to be over-written or erased (whether partially or fully). 5. The following confirmation screen will appear. Click OK to continue. 6. Close the Ext2fsd Volume Manager program. Windows should now see the drive and assign it a drive letter with the volume name “REPOSITORY”. Logicube Talon Ultimate™ User’s Manual 113 12: FREQUENTLY ASKED QUESTIONS 12.0 FAQs Q. Why can’t I run two tasks at once? For example, I cannot wipe a drive while imaging. A. The Multi-Task Option must be installed to perform more than one task at a time. Please contact Logicube Sales to purchase this option. Q. Why are SAS drives not being detected? A. A SAS Option must be installed to activate SAS support. Please contact Logicube Sales to purchase this option. Q. Why are FireWire drives not being detected? A. The FireWire Option must be installed to activate the FireWire ports. Please contact Logicube Sales to purchase this option. Q. Why is the front USB device port (micro-B port) not working? A. The USB 3.0 Device Port Option must be installed to activate the front micro-B device port. Please contact Logicube Sales to purchase this option. Q. Why is it when I image a drive the number of bytes shown is twice the size of my Source drive? A. The number of bytes shown on the progress bar is not the actual size of the drive. This is the actual data being processed. When ‘Verify’ is set to “Yes”, the reported number will double in size Q. Why is it when I image a drive the number of bytes shown is twice the size of my Source drive? A. The number of bytes shown on the progress bar is not the actual size of the drive. This is the actual data being processed. When ‘Verify’ is set to “Yes”, the reported number will double in size. Q. How many concurrent tasks can the Talon Ultimate run? A. The Talon Ultimate can run up to 5 concurrent tasks with the activation of the Multi-Task Option. Q. Can the Talon Ultimate image Linux partitions? A. Yes. Talon Ultimate can image Linux partitions. Q. Can the Talon Ultimate image a Hierarchical File System (HFS)? A. Yes, Talon Ultimate can image HFS. Q. How does the Talon Ultimate handle bad sectors found on the Source drive? th A. Talon Ultimate will retry the bad sector 7 times. After the 7 attempt, if the sector still cannot be read, it will skip that sector and list the sector in the log file. Q. What operating system does Talon Ultimate use? ® Logicube Talon Ultimate User’s Manual 114 FAQs A. Talon Ultimate uses a Linux-based operating system. A Linux-based operating system provides increased stability and security over Windows-based systems. Q. What file format does Talon Ultimate use when formatting destination drives? A. Talon Ultimate can format destination drives using the NT File System (NTFS) or EXT4 file system. Q. Does imaging performance slow down when multiple drives are imaged at the same time? A. Performance is limited by the slowest drive in the configuration, however, there should not be any significant speed penalty when imaging multiple drives. Note you must have the Multi-Task option installed in order to image multiple drives at the same time. Q. Can I encrypt my evidence drives using the Talon Ultimate? How do I decrypt drives encrypted with Talon Ultimate? A. The Talon Ultimate provides AES 256 whole drive encryption. Users can choose between three different cipher modes and can set their own password/key for the encrypted drive. Users can decrypt a drive that was encrypted with Talon Ultimate by using the Talon Ultimate to decrypt or by using VeraCrypt, TrueCrypt or FreeOTFE. Q. Does the Talon Ultimate provide log files? A. Yes, each operation/task produces a log file. The log file is viewable on the Talon Ultimate screen (or remotely on a PC) in an HTML format. The log files can be exported to a thumb drive (the Talon Ultimate will export in XML, HTML and PDF). XML log files can be customized using XML editors. The log files are stored on the internal hard drive within Talon Ultimate and are accessible by pressing the log file icon from the left-side navigation bar on the Talon Ultimate screen. Q. If I am imaging to or from USB enclosures, will the Talon Ultimate’s USB ports power my devices or will an additional power source be required? A. Each of the Talon Ultimate’s USB ports meets the standard specification of up to 5V of power. If your USB device has higher power requirements an external power source will be necessary. Check with the manufacturer of your USB device to determine the exact power requirements. Logicube Talon Ultimate™ User’s Manual 115 13: Index BIOS, 34 Blank Disk Check, 17 Brightness-Display, 75 Browser Compatibility, 102 Case Info, 33 Config Lock, 69 Connecting via SSH, 104 Connecting via Telnet, 103 Decrypting, 84 Destination, 43 Destination Drives, 10 Disclaimer, Liability Limitation, I Disk Control Overlay (DCO), 34, 35 Display, LCD, 13 DoD wipe, 21 Drive Encryption and Decryption, 82 Drive to Drive, 37 Drive to File, 40 Drive Trim, 34 DRIVE TRIM, 37 drive types, 8 Encryption Encryption Settings, 73 EU, EUROPEAN UNION, III Ext2fsd, 111 FAQs, 114 Features, 1 Format, 59 Hash, 19, 20, 48 Hash/Verification Method, 36 Host Protected Area (HPA), 34, 35 HPA/DCO, 35 Image, 47 Image+Verify, 15 Imaging, 14, 31 Imaging Mode, 31 IP Settings Proxy settings, 76 Language, 74 Logs, 25, 63 Logicube Talon Ultimate™ User’s Manual Mirror Settings, 37 network connection, 102 Network Services, Disabling, 76 Network Settings, 30 Overview, 5 Passwords, 80 Printing Log Files, 108 Proxy Settings, 77 Quick Start, 14 Remote Operation, 102 Remote operation, CLI, 103 Remote Operation, Web Interface, 102 RoHS Directive (2002/95/EC), III S.M.A.R.T. (Self-Monitoring, Analysis and Reporting Technology), 65 Screen, Touch, 13 Secure Erase, 21, 53, 55 Settings, 32 Software Update, 78 Software Updates, 98 Source, 8, 32 Spanning, 18 Statistics, 65 System Settings, 66 Talon Ultimate, 1 Technical Support, Logicube, III, 117 Telnet, 103, 104 Time Zone, 74 Touch Screen, 13 Types of Operation, 46 USB Device, 24, 62 User interface (UI), 12 User Profiles/Configurations, 67 Warranty, Parts and Labor, I, III Website, Logicube, III Windows Vista, 103 Windows XP, 103 Wipe, 21, 22, 53, 56, 57 Wipe Patterns, 53, 56 116 Technical Support Information For further assistance please contact Logicube Technical Support at: (001) 818 700 8488 7am-5pm PST, M-F (excluding US legal holidays) or by email to [email protected] Software Attribution Ubuntu 12.04 LTS (http://www.ubuntu.com) Linux Kernel (3.2.48) (GPL v2) (http://www.kernel.org) (modified) libcli (1.9.5) (LGPL v2.1) (https://github.com/dparrish/libcli) (modified) monitorix (3.2.1) (GPL v2) (http://www.monitorix.org) (modified) Logicube Talon Ultimate™ User’s Manual 117
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project