Call us: 10am – 6pm ET
888 540-2010, 416 833-3501
RAID support
To help with creating a forensic RAID image of an array with an unknown configuration, Atola TaskForce is now equipped with a RAID assembly, configuration autodetection and imaging capability.
How it works
- Select sources that make up a RAID array (drives, raw or E01 image files)
- Wait a few minutes for a Possible configuration hint to pop up
- Click Apply
- Click Go to Image and acquire the whole array or partitions within
Forensic RAID images in TaskForce
What is currently supported:
- RAID types: RAID 0, 1, 5, and JBOD
- File systems: NTFS and ext4/3/2
More RAID types and file systems will be supported in upcoming releases.
Automated assembly of RAID with an unknown configuration
Autodetection module starts running immediately upon the selection of the RAID devices (or images).
- In Stage 1, it reads data on the drives to identify the RAID type which will narrow down the number of combinations for Stage 2.
- in Stage 2 goes through thousands and even millions of possible configurations to identify suitable ones.
If you know the configuration, you can enter it manually.
Autodetection uses heuristic algorithms to help avoid tedious manual work while searching for:
- RAID type
- device order
- block size
- block order
Maximum allowed number of RAID parameter combinations to check is 100,000,000. With 12 possible block (stripe) sizes ranging from 512 bytes to 1 MB, the current limit enables TaskForce to check all possible RAID configurations for:
- 9 devices in RAID 5 array (17,418,240 variants)
- 10 devices in RAID 0 array (43,545,600 variants)
Autodetection of RAID type and other configurations
After you apply the suggested configuration with one click on a button, drives are arranged into the correct order, RAID type and other configurations are automatically applied, and file systems are searched for.
Reassembling and imaging RAID 5 with a missing device
If you are reassembling RAID 5, and one of RAID 5 drives is missing or is heavily damaged, TaskForce allows you to select all available drives (or images thereof) and click Add missing device button underneath the list of drives and/or images.
Reassembling RAID 5 with a missing device
TaskForce uses the redundancy inherent to RAID 5 to identify the configuration and create a full image of the RAID even in the absence of one of the RAID's parts.
RAID partition preview
Any change in RAID configuration you perform manually or by applying the suggestion produced by the Autodetection prompts the bottom Partitions panel to refresh. If the configuration is correct, file systems are found and validated, you see partitions and their contents.
Partitions preview after successful application of RAID configuration suggestion
Instant configuration detection using RAID metadata
TaskForce instantly identifies mdadm-created RAID arrays with great precision by detecting controller metadata. These types of arrays are mounted in a matter of seconds and do not require a manual selection or application.
Instant autodetection of mdadm RAID
TaskForce’s autodetection module is able to detect the Start LBA parameter for different types of mdadm RAID arrays.