CRU Ditto Forensic FieldStation
May 15, 2014
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: A lot of acquisition functionality in a small, portable footprint. We liked the combination of cloning, acquisition (in A01 or DD format) and erasing/zeroing disks in the field.
- Weaknesses: We would like to see a bit more network-scanning capability, given that the tool is headed in that direction.
- Verdict: This is a must-have for field work. It is everything that one needs to acquire disks and scan networks for active services in the field.
This was one we never saw coming. It's a neat little box that at first blush looks like a write-protect bridge. It is. But it is more as well. It clones disks, it acquires disks and it scans networks. It is a standalone tool that comes neatly packaged in a rugged lightweight carrying case. Everything that one needs is in the case, including cables, adapters, a power brick and a space for extra disks.
When we opened this one up, our first task was finding documentation since we had never seen this or anything like it before. Certainly, we have tested write-blockers, but this is quite a bit more than that. What we found was, at first, disappointing. It consisted of a small four-page quick-start guide. However, it turned out the guide was all we needed to get up and running.
The first step in setting up the tool - as described in the quick-start - is to connect to a network to access the built-in web interface. That was simplicity itself. We plugged the CRU Ditto Forensic FieldStation into the switch in our lab and browsed to 192.168.0.103, the DHCP address assigned by our router. If a static address is needed, the Ditto has one, and users can connect to it as well if they are on a net 10 network. Fewer than 10 simple steps and we were on our way.
Everything one needs to configure and use the Ditto is in the web interface. Next to everything requiring user input is an information icon. This is the documentation for the tool. The documentation is extensive, contextual and easy to use and read. It makes sense and it is all that is needed. We liked that because nobody in the field wants to stop in the middle of an acquisition to thumb through a manual or break out a PC to search a PDF for a configuration help file. In this case, you simply connect a PC, configure and then start acquiring or cloning.
Cloning is something that can be tiresome in many cases. The process often entails taking a forensic image and restoring the image, a time-consuming process. With Ditto Forensic FieldStation, the user can clone a disk directly in a single step. If, on the other hand, what is really needed is a typical forensic image, that is the Ditto's meat and potatoes. Plug in the source and the destination and run. There is a nice LCD display on the tool, complete with all of the menus necessary. Once the tool is configured, users don't really need their PC anymore to run it. Reconfiguration can be done from the LCD screen as well.
The tool also has network scanning, called NetView, built in. It uses Nmap, so the scans are not comprehensive, and we would have liked to see CRU go the extra mile and build in something such as Nessus for a more complete scan. The scans show the running services - both TCP and UDP - but no vulnerability information, which would have been nice. But even this is well beyond what we expected. This tool turns out to be a Swiss Army knife for basic forensic acquisition.
Support is based on a three-year warranty and there is a good aid portal with software downloads and other useful features available to prospective customers and current users.