EZImager is a software utility which can be used to securely and remotely capture and preserve digital forensic data. It was developed by IT Acceleration in response to market demands. This post explains what happened.
Starting out as an IT outsourcing company, IT Acceleration began offering digital forensic services after multiple requests surfaced from our clients. That’s because we have vast experience with information technology. We’ve run the data collection gamut from servers to web repositories, from peripherals to one-off electronic devices. Every forensic analyst has practical IT experience and this knowledge gives us the ability to create and execute a collection method which is complete and legally sound in every instance.
In 2012, we automated common collection of Windows hard drive data with the creation of EZImager. The EZImager utility, which is part of our comprehensive data collection toolkit, is a combination of custom .NET code wrapped around Access Data Forensic Toolkit Imager (FTK Imager) to provide an automated, menu-driven collection of utilities which can be performed by an end-user. FTK Imager is a proven forensic collection utility and has been used for years by both private and law enforcement agencies.
EZImager is not limited to just being used for forensic hard drive collections. It can be used on networks, web servers, and electronic devices. During the EZImager imaging process, BIOS information from the targeted computer is collected and the forensic image is hash verified to guarantee authentication. This is a forensically sound and legally defensible approach to collecting difficult-to-get-at hard drives (you know, the remote sales person who cannot live without their computer). Chain-of-custody is established during the commencement of the session.
Remote Data Collection
The beauty of this tool is we don’t necessarily have to travel to you to collect and preserve your data. The easy-to-use EZImager utility can be shipped to you as a 256-bit encrypted USB drive, run overnight, and returned via a prepaid FedEx shipping envelope. (We suggest starting the imaging at the end of the day and allowing it to run overnight.) Easy!
EZImager was originally designed to give us access to remote devices that cannot be shipped, but we also use it for supplemental imaging when onsite performing a large data collection. We can perform targeted collections of network shares and locally connected USB devices using a secure internet connection.
The device use is charged on a fixed fee, per image basis and includes the validation of the forensic imaging process by an IT Acceleration forensic analyst. In addition, a copy of the forensic image is created on another drive for delivery to you, a litigation support company, or storage by us in our secure, fireproof evidence lockers.
Use On Apple Devices
Recent feature updates to EZImager include the ability to forensically image Macintosh computers. This is a little more involved, but by following the instructions the end-user can complete this as well. We are only a phone call away if there are questions or problems. If need be, we can establish a secure internet connection and start the imaging for you.
For a quick Q&A and demo, please call, comment below or contact us.