RAID support

To help with creating a forensic RAID image of an array with an unknown configuration, Atola TaskForce is now equipped with a RAID assembly, configuration autodetection and imaging capability.

How it works

1. Select sources that make up a RAID array (drives, raw or E01 image files)
2. Wait a few minutes for a Possible configuration hint to pop up
3. Click Apply
4. Click Go to Image and acquire the whole array or partitions within

Forensic RAID images in TaskForce

What is currently supported:

• RAID types: RAID 0, 1, 5, and JBOD
• File systems: NTFS and ext4/3/2

More RAID types and file systems will be supported in upcoming releases.

Automated assembly of RAID with an unknown configuration

Autodetection module starts running immediately upon the selection of the RAID devices (or images).

• In Stage 1, it reads data on the drives to identify the RAID type which will narrow down the number of combinations for Stage 2.
• in Stage 2 goes through thousands of possible configurations to identify suitable ones.

If you know the configuration, you can enter it manually.

Autodetection uses heuristic algorithms to help avoid tedious manual work while searching for:

• RAID type
• device order
• block size
• block order

After you apply the suggested configuration with one click on a button, drives are arranged into the correct order, RAID type and other configurations are automatically applied, and file systems are searched for.

RAID partition preview

Any change in RAID configuration you perform manually or by applying the suggestion produced by the Autodetection prompts the bottom Partitions panel to refresh. If the configuration is correct, file systems are found and validated, you see partitions and their contents.