Tableau TD1 Forensic Imager Initial Review

Yea, I finally got paid from wrapping up a case, worst was 90+ over due and best was 45+ days over due BUT the profit from these cases was earmarked to purchase new equipment.  The first purchase was from ForensicPC.com and was the Tableau TD1 Forensic Imager. I priced it around and found I could have shaved $20 from the total price, but I had to wait on a full quote from a site that didn't have a online cart.  I also purchased it with the Pelican 1450 case (other sites had a mark-up, but free case).

Forensic PC ordering process was just okay, I submitted on a Saturday after depositing the check and they processed the order on Monday.  I got an email stating that I went from order received to paid, but then didn't hear anything for 8 days.  I wrote a note about the status and got an apology email saying that I should have got a message (maybe spam filtered) telling me about the delay on the TD1 and the case.  Since I filter spam and not delete, I checked and there was no message.  I did get emails on the ship status and tracking and it arrived yesterday - Whoo-hoo!

Ok, enough overhead on the story.  I unpacked and inventoried everything and was impressed with the unit size and features.  I had previously used the Voom HC II and noticed a few differences that what I was used to.  First, speed.  I ran it through some testing (full output spreadsheet to come when complete) and the speed was impressive at 6GB+ on my equipment with MD5 and SHA1.  My initial tests were mostly functionality and not to quantify the speed but happy right away with the overall speed with SATA disk to disk, disk to file, and wipe. Second, I like the setup and input of examiner and case info.  I thought it might suck with slow typing but since I am used to IPhones it was that bad (I read that you can use a USB keyboard, but that is a future test).

Now a little of the not-thrilled-about / maybe-getting-used-to.  Voom HC2 had NTFS format and could create a full size disk-to-file, e.g. 80GB drive to a 80GB file.  Sure it had a funky thing with once you mount a Voom HC2 NTFS drive on any system it was not recognizable by the Voom again, but I like having large files without a follow up conversion.  TD1 can create FAT32 formats and the underneath structure of the TD1 seems that it is based on "chunks" and configuring the size of the chunks.  I processed some images and am not sure that it will be a big deal with me.  All my tools cover multiple files and TD1 puts them in nice directories with the dates.

I did update the firmware first thing out of the box and the process was pretty nice.  Connected with a firewire 400 port and ran some Tableau windows software. The software saw my TD1 and recommended the firmware update.  It ran without any issue, and I powered down, unplugged everything, and powered back up to reread the firmware.  Tableau markets the ease of upgrade and would agree.

I should be able to post my validation, functionality, and speed results in the next couple of weeks.  I got to get more progress on Sam and I's Defcon presentation.

-Dave