Call us: 10am – 6pm ET

888 540-2010, 416 833-3501

RAID 5 forensics: Automated assembly and imaging

TaskForce is equipped with configuration autodetection module that makes assembling and imaging a RAID 5 array with an unknown configuration fast and easy.

Autodetection of RAID 5 configuration

1. Connect the drives that make up the RAID array to the TaskForce unit to ports in Source mode.
2. Click the RAID icon in the left-side Task Menu.

Initiating work with RAID

Initiating work with RAID

3. In Select source device panel, tick the drives that make up the RAID array and click Continue.

Select the drives that make up a RAID

Select the drives that make up a RAID

To assemble a RAID from images instead of drives or to use a combination of drives and images, browse and select images in the FILE subsection of the Select source device menu.

Next, you are redirected to the RAID configuration screen. It consists of three parts:
- the selected devices (and/or image files) are shown in the top RAID configuration part.
- the RAID Partitions viewer below it, provides a preview of partitions and files within them, once RAID has been successfully assembled.
- the Autodetection module in the right-hand part of the screen immediately starts running and produces an output of RAID configuration suggestions.

Autodetection module reads data from all the selected devices and/or images to detect these RAID parameters:

Should the configuration be known, these parameters can also be set manually by the operator.

The time required for configuration detection can vary from a few seconds to a few hours depending on the numbers of drives involved, RAID volume and type, and how metadata is distributed on the drives in the RAID. In certain cases, Autodetection may produce several configuration suggestions, which can be applied one by one to find the exact match. TaskForce's Autodetection is based on heuristics algorithms that help speed up the variant check.

4. Click the Apply button to apply the configuration suggested by the Autodetection module.

Autodetection module searching for possible RAID configurations

Autodetection module searching for possible RAID configurations

If the suggested configuration matches the RAID native configuration, partitions of the RAID will be displayed and a preview of data within the partition will be enabled.

Detected RAID 5 configuration applied

Detected RAID 5 configuration applied

Imaging selected partitions of RAID 5

1. Click GO TO IMAGE button in the left bottom corner of the screen to adjust the imaging settings and define the target for the image.

2. Select the target for the imaging session. Both a local server and a target device in Storage mode can be used for imaging of a RAID array.

3. Click + CREATE FILE button and fill out the image details in the Create image file window and click Create.

Imaging RAID. E01 details

Imaging RAID. E01 details

4. In the Settings page, click the Change button and then click the settings of an imaging pass.

Imaging settings

Imaging settings

5. In Edit imaging pass window, you can select the individual partitions to be imaged if selective imaging is required and click Save.

Selecting partitions in imaging settings

Selecting partitions in imaging settings

6. Click the START button to launch the imaging session.

TaskForce will be imaging RAID 5 array or its partitions as configured in the imaging settings.

Imaging RAID 5 in progress

Imaging RAID 5 in progress

At the end of the imaging session, TaskForce will produce an Imaging completed report with all the details of the source drives, the RAID configuration, the target, the partition, the timestamps, etc.

RAID 5 forensics. Imaging report

RAID 5 forensics. Imaging report