WiebeTech Ditto Forensic FieldStation User manual

WiebeTech
Brand
WiebeTech
Model
Ditto Forensic FieldStation
Type
User manual
Protecting Your Digital Assets
TM
Wiebetech Branding
2c85m76y
PMS 711C
66c7m7y
PMS 299C
Product Name:
Univers 73 Black Extended
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ditto Forensic FieldStation
User Manual
Features
• Sourceinputs(write-blocked)–eSATA(SATA),PATA,USB2.0,PCIex1expansionport,
andgigabitnetwork(NFS,iSCSI,SMB)
• Destinationoutputs–DualeSATA(SATA)portstostoreacquireddataononeortwo
disks,SDcard,orgigabitnetwork(iSCSI,NFS,SMB)
• Data acquisition modes – physical image DD, physical image E01 with empty block
compression,logicalimageL01,clone,andsimultaneousclone&image.
• Hashtypes-MD5,SHA-1,MD5+SHA-1
• Remoteusage–Performoperationsusingthewebbrowserinterfacefromanyremote
networkedlocationintheworld
• SystemcongurationmanagementviafrontpanelLCDorwebbrowserinterface
• Userprolescanbepasswordprotectedandassignedspecicpermissionlevels
• Data log captures a complete history of data acquisitions and can be managed and
printedfromwebbrowserorextractedtoauser-specicdocument
• StealthModeavailableforusewithnightvisiongoggles(notincluded)
2
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
TABLE OF CONTENTS
1Pre-InstallationSteps 2
2Setup 3
3BrowserInterface 3
3.1AccessingtheBrowserInterface 3
3.2IconsUsedintheBrowserInterface 5
3.3UserAccounts 6
4HomeScreen 6
4.1Action 6
4.1.1CloneSourceDisk 7
4.1.2PhysicalImageSourceDisk 7
4.1.3LogicalImageSourceDisk 8
4.1.4CloneandImageSourceDisk 10
4.1.5EraseDestinationDisk 11
4.1.6HashDisk 12
4.1.7SnapshotDisk 12
4.1.8NetViewScan 12
4.2InvestigationInfo 13
4.3SystemSettings 13
4.4CurrentStatus 13
4.5Disks 14
4.6SystemLog 15
5CongureScreen 16
6AdminScreen 27
6.1UserAccounts 27
6.2PermissionLevels 27
6.3AddingaNewUser 28
6.4EditinganExistingUser 28
6.5DeletingaUser 28
7LogsScreen 28
8UtilitiesScreen 29
9UsingtheFrontPanelInterfaceinStandaloneMode 31
10StealthMode 35
11AdvancedFeaturesandFunctions 36
11.1NetviewScan 36
11.2TargetMode:RemotelyAccessDisksAttachedtothe
DittoForensicFieldStationwithThirdPartySoftware
38
11.3UsingiSCSIDevices 39
11.4UsingNFSandSMB(Samba)Shares 42
11.5AddingaNewLogicalImageMode 42
12UpgradingFirmware 43
13TechnicalSpecications 45
1 PRE-INSTALLATION STEPS
1.1 PACKAGE CONTENTS
Thefollowing list containstheitems that are included in the
completecongurationforthisdevice.PleasecontactCRUif
anyitemsaremissingordamaged:
DittoForensicFieldStationUnit 1
UnitizedSAS-to-eSATA+Mini-Fitpowercable 3
IDEcable 1
12Vpowersupply 1
Powercord 1
Legacypower-to-Mini-Fitcable 1
Ethernetcable(RJ45) 1
2.5”IDE-to-3.5”IDEandMini-Fitcable 1
Poweradapter,legacy-to-SATA 1
Velcrocablewrap 6
eSATAcable 2
SDcard(pre-installed) 1
QuickStartGuide 1
1.2 IDENTIFYING PARTS
TakeamomenttofamiliarizeyourselfwiththepartsoftheDitto
Forensic FieldStation.Thiswillhelpyoutobetter understand
thefollowinginstructions.
TOP OF UNIT
PowerAvailableLEDs
LCDMenu
SourceLEDs
DestinationLEDs
NavigationButtonsforLCDMenu
3
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
2 SETUP
Plugthe“suspect”disksordevicesintotheSource Inputssideof
theDittoForensicFieldStation.Allsourceinputsarewrite-blocked
topreventalteration.ThesourceinputsincludeaUSB2.0connec-
tionforUSBdevices,anRJ45gigabitEthernetconnection,anIDE/
PATAdiskconnection,andaneSATAconnectionforSATAdisksor
aneSATAdevice.Theexpansionmoduleconnectionisusedwith
theSAS,USB3.0,andotherDittoForensicFieldStationexpansion
modules.
UsetheDestination OutputssideoftheDittoForensicFieldSta-
tion to store acquired data.The destination output connections
includetwoeSATAconnectionsforSATAdisksoreSATAdevices
andanRJ45gigabitEthernetconnection.
TherearoftheDittoForensicFieldStationhasanSDcardslotand
two powering options: a 12V input for the power supply, and a
SATApowerconnection.Therearalsohasahookforhangingthe
unitinsidethecomputercaseorworkstation.
CRU recommends that you switchthe power off to
theDittowhenyouaddorremoveadevicefromitin
ordertoavoiddiskdamageanddatacorruption.
3 BROWSER INTERFACE
The Ditto Forensic FieldStation can be congured and operated
either from the Front Panel (see Section 9) or through a web
browser.
3.1 ACCESSING THE BROWSER INTERFACE
3.1.1 Accessing Via A Network
a. Plug an Ethernet cable into the Ethernet port on the
“SourceInputs”sideoftheDittoForensicFieldStation.
b. Connect the other end of the Ethernet cable to your
network.Thisusuallymeanspluggingitintoarouteror
hub.Inanofceenvironment,youmayhaveanetwork
jackbuiltintoyourofcewall.
c. Connect the power cable to the rear of the Ditto
Forensic FieldStation and to the providedAC adapter
ortoSATApower.
d. Turn on the Ditto Forensic FieldStations power using
theswitchontherearpanel.(0=off,1=on)
SOURCE INPUTS
(allinputsarewrite-blocked)
RJ45GigabitEthernetConnection
4-pinMini-FitPowerConnection
(DCPowerOutput)
IDE/PATAConnection
USB2.0TypeAConnection
ExpansionModuleConnection
eSATAConnection
DESTINATION OUTPUTS
eSATAConnections RJ45GigabitEthernetConnection
StealthModeSwitch
4-pinMini-FitPowerConnections
(DCPowerOutput)
REAR OF THE UNIT
HangingHook
PowerSwitch
(0=off,1=on)
SDCardSlot
SATAPowerConnection
PowerInputforACSupply
NOTE
4
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
e. Type the Ditto Forensic FieldStations source IP address into your web browser. If you know the
address,godowntothelaststepofthissection.Ifyoudonotknowtheaddress,continuetothenext
step.
f. PresstheDownnavigationbuttonontheDittoForensicFieldStationuntilyoureachthe“Settings”
menu.ThenpressEnter.
Settings
View/Edit>
g. PresstheUporDownnavigationbuttonsuntilyoureachthe“SourceIPAddress”screen.
h. TypetheIPaddressshownintoyourwebbrowser.
SourceIPAddress:
10.xxx.xxx.xxx
TheDittoForensicFieldStationis conguredbydefaulttouseDHCPfor IPassignment.Ifyouneed
tochangetoastaticIPaddress,checkwithyournetworkadministratorandseeSection3.3.2ofthis
manual.
i. Logintothebrowserinterface(thedefaultusernameandpasswordfortheadministratoraccountare
bothadmin”).
CRUrecommendsthatyouchangetheadminaccountpasswordandcreateuseraccountsforindividual
usersasbestdatamanagementpractices.
Youarenowreadytousethebrowserinterfacetoconguresettingsandpreview,image,orcloneattached
disks.
3.1.2 Accessing Via Direct Connection to Your Computer
a. PluganEthernetcableintotheEthernetportonthe“DestinationOutputs”sideoftheDittoForensic
FieldStation.
b. ConnecttheotherendoftheEthernetcabletoyourcomputer’sEthernetport.
ThedestinationEthernetportcanbeconguredtoactasaserver.AttachingaDittoForensicFieldSta-
tionactingasaservertoanexistingnetworkthroughthedestinationEthernetportwillcausenetwork
conicts.Thereforeitis importantto attachtheDittoForensicFieldStationdirectlytoyourcomputer
instead.TochangethissettingsothattheDittoForensicFieldStationnolongeractsasaserver,see
Section5.2.3.
c. ConnectthepowercabletotherearoftheDittoForensicFieldStationandtotheprovidedACadapter
ortoSATApower.
d. TurnontheDittoForensicFieldStationspowerusingtheswitchontherearpanel.(0=off,1=on)
NOTE
NOTE
STOP!
5
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
e. Type the DittoForensic FieldStationsdestinationIP address into yourwebbrowser.Thedefault IP
addressforthedestinationEthernetportis10.10.10.1.Ifyouhavechangedtheaddressanddonot
rememberit,continuetothenextstep.Otherwise,godowntothelaststepofthissection.
f. PresstheDownnavigationbuttonontheDittoForensicFieldStationuntilyoureachthe“Settings”
menu.ThenpressEnter.
Settings
View/Edit>
g. PresstheUporDownnavigationbuttonsuntilyoureachthe“Dest.IPAddress”screen.
h. TypetheIPaddressshownintoyourwebbrowser.
Dest.IPAddress:
10.xxx.xxx.xxx
i. Logintothebrowserinterface(thedefaultusernameandpasswordfortheadministratoraccountare
bothadmin”).
CRUrecommendsthatyouchangetheadminaccountpasswordandcreateuseraccountsforindividual
usersasbestdatamanagementpractices.
Youarenowreadytousethebrowserinterfacetoconguresettingsandpreview,image,orcloneattached
disks.
3.2 ICONS USED IN THE BROWSER INTERFACE
Thebrowserinterfaceusesseveraliconsthatmaybeclickedontoperformcertainactions.
ICON ACTION
Information
Opensawindowwithabriefdescriptionofthesettingtheinformationiconappearsnext
to.
Refresh
Refreshestheeldthattheiconappearsnexttoinordertogiveupdatedinformation.
Reset
LoadsthedefaultsforthesettingthattheRefreshiconappearsnextto.
Add
Addsauserdenedeldtoalistofitems.
Remove
Removesauserdenedeldfromalistofitems.
NOTE
6
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
3.3 USER ACCOUNTS
TheDittoForensicFieldStationemploysauseraccountsystemtocontrolaccesstoitsfeatures.The“Login”
screenpresentsyouwiththeabilitytologinthroughhttp,oryoucanclicktheSecure Login (HTTPS) linkto
loginsecurely.Acceptthecerticateand/orcontinuetothewebsite,evenifyourbrowsertellsyouitdoes
notrecognizeit.
ThedefaultusernameandpasswordfortheAdministratoraccountarebothadmin.CRUrecommendsthat
youchangetheadminaccountpasswordandcreateuseraccountsforindividualusersasbestdatamanage-
mentpractices.
ClickontheLog Out buttonatthetoprightofthebrowserinterfacetologout.
4 HOME SCREEN
The“Home”screeniswhereyouwillperformmostofyouroperationswiththeDittoForensicFieldStation,andis
thedefaultscreentoloaduponloggingintothebrowserinterface.ClickontheHome tabtoaccessthe“Home”
sceenfromanyotherareaofthebrowserinterface.
4.1 ACTION
The“Action”panelletsyoustart,abort,anddocumentthefollowingactions.The“Start”buttonbeginsthe
action.The“Abort”buttonstopstheactioninprogress.ClicktheComment buttontowriteanotethatwill
beappendedtothelog.ClicktheConfigure buttontomodifythedefaultsettingsforeachaction,whichcan
alsobemodiedonthe“Congure”screen(SeeSection5).
Figure 1. The“Home”screen.
7
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
4.1.1 Clone Source Disk
TheDittoForensicFieldStationmakesanexactduplicateofthesourcediskandcanclonetoasingleor
mirroreddestinationdisk.
Whilecloningthesourcedisk,theDittoForensicFieldStationcanalsohashthesourcediskusingthe
MD5,SHA-1,orMD5+SHA-1algorithms.Selectthehashtypeunderthe“SystemSettings”panel
onthe“Home”screen.SeeSection4.3.HashingwhileusingbothMD5+SHA-1signicantlyreduces
performance.
Toclone,followthesesteps:
a. Usingthebrowserinterface,selectClone Source DiskfromtheActiontoPerform”drop-downbox.
b. Selectthesourcedisktoclonefromthe“Source”drop-downbox.
c. Selectthedestinationdiskfromthe“Destination”drop-downbox.Toclonetotwodestinationdisksat
thesametime,selecttheMirror option.Destinationdisksdonothavetobethesamephysicalmedia
asthesourcedisk,buteachmustbelargerthanthesourcedisk.
FortheMirrorfeaturetobeshown,twodestinationdisksmustbeattached.
d. ClicktheStart button.A“Completed”messageboxwillpopupwhentheactionhasnished.Click
onthemessagetocontinue.
Youcanincreasetheperformanceoftheoperationbyclickingoffofthebrowserinterfacewindowso
thatitisnotcontinuallyupdated.
Youcanviewtheresultsofthecloneactionbyscrollingdowntothe“SystemLog”panelonthe“Home”
screen.Findandclickonthelatestlink,whichwillbedenotedbyalenamewithadate/timestampformat:
“S_yyyymmddhhmmss”.Alternatively,youcanclickontheLogs button fromthetopmenubar.
4.1.2 Physical Image Source Disk
TheDittoForensicFieldStationcreatesanE01orDDimageofthesourcediskononeortwodestination
disks.
Whileimagingthesourcedisk,theDittoForensicFieldStationcanalsohashthesourcediskusingthe
MD5,SHA-1,orMD5+SHA-1algorithms.Selectthehashtypeunderthe“SystemSettings”panel
onthe“Home”screen.SeeSection4.3.HashingwhileusingbothMD5+SHA-1signicantlyreduces
performance.
Forthefastestperformance,werecommendutilizinganNTFSlesystemforWindows,HFS+forMac,or
XFSforLinuxmachines.Tocreateaphysicalimage,followthestepsonthenextpage:
Figure 2. TheAction”sectiononthe“Home”screen,showingthe
optionsavailableforthe“CloneSourceDisk”action.
Figure 3.TheAction”sectiononthe“Home”screen,showingthe
optionsavailableforthe“PhysicalImageSourceDisk”action.
NOTE
NOTE
NOTE
NOTE
8
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
a. Usingthebrowserinterface,selectPhysical Image Source Disk fromthe“ActiontoPerform”drop-
downbox.
b. Selectthesourcedisktoimagefromthe“Source”drop-downbox.
c. Selectwhichpartition(s)toimagefromthe“Partition”drop-downbox.ChooseAlltoimagetheentire
sourcedisk.
d. Select the destination disk for the image from the“Destination” drop-down box.To image to two
destinationdisksatthesametime,selectthe Mirror option.Destinationsdonothavetobethesame
physicalmediaasthesourcedisk,buteachmustbelargerthanthesourcedisk.
FortheMirrorfeaturetobeshown,bothdestinationdisksmustbeempty.Aquickwaytoaccomplish
thisistousetheDittoForensicFieldStationtoeraseeachdiskbyselectingErase Destination Disk
fromtheActiontoPerform”drop-downboxandusingthe“ClearPartitionTable”erasemode(seeSec-
tion4.1.5).YoumustalsogototheErase tabonthe“Congure”Screenandmakesurethat“Format
After Erase” is unchecked (see Section 5.6), because if a destination disk has a partition on it, the
“Mirror”optionwillnotappear.
e. Selectwhichtypeofphysicalimageyouwouldliketocreatefromthe“PhysicalImageType”drop-
downbox.The image typesavailableareE01orDD.Youcanmodifywhichimagetypeappearsby
defaultinthedrop-downboxonthe“Home”screens“SystemSettings”section(seeSection4.3),or
onthe“Congure”screens“System”tab(seeSection5.1).
f. ClicktheStart button.A“Completed”messageboxwillpopupwhentheactionhasnished.Click
onthemessagetocontinue.
Youcanincreasetheperformanceoftheoperationbyclickingoffofthebrowserinterfacewindowso
thatitisnotcontinuallyupdated.
Youcanviewtheresultsoftheimageactionbyscrollingdowntothe“SystemLog”panelonthe“Home”
screen.Findandclickonthelatestlink,whichwillbedenotedbyalenamewithadate/timestampformat:
“S_yyyymmddhhmmss”.Alternatively,youcanclickontheLogs buttonfromthetopmenubar.
4.1.3 Logical Image Source Disk
Logicalimagingallowsaninvestigatortoquicklyscanthecontentsofaharddiskandimageonlytheles
andfoldersrelevanttotheinvestigationintoanL01,ZIP,TAR,orLISTleformat.Datacanbeimagedto
oneortwodestinationdisks.Tocreatealogicalimage,followthesesteps:
a. SelectLogical Image Source Diskfromthe“ActiontoPerform”drop-downbox.
b. Selectthesourcedisktoimagefromthe“Source”drop-downbox,thenchoosewhichpartition(s)to
imagefromthe“Partition”drop-downboxunderneaththe“Source”drop-downbox.IfyouselectAll”,
partitionswillbeimagedsequentially.
NOTE
Figure 4.The Action” section on the“Home” screen, showing
theoptionsavailableforthe“LogicalImageSourceDisk”action.
NOTE
9
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
c. Selectthedestinationdiskforthelogicalimagefromthe“Destination”drop-downbox,thenchoose
thedestinationdiskpartitionfromthe“Partition”drop-downboxunderneath.Toimagetotwodestina-
tiondisksatthesametime,selecttheMirror option.Destinationdisksdonothavetobethesame
physicalmediaasthesourcedisk,buteachmustbelargerthanthesourcedisk.
FortheMirrorfeaturetobeshown,bothdestinationdisksmustbeempty.Aquickwaytoaccomplish
thisistousetheDittoForensicFieldStationtoeraseeachdiskbyselectingErase Destination Disk
fromtheActiontoPerform”drop-downboxandusingthe“ClearPartitionTable”erasemode(seeSec-
tion4.1.5).YoumustalsogototheErase tabonthe“Congure”Screenandmakesurethat“Format
After Erase” is unchecked (see Section 5.6), because if a destination disk has a partition on it, the
“Mirror”optionwillnotappear.
d. Selectwhichtypeoflogicalimageyouwouldliketocreatefromthe“LogicalImageType”drop-down
box.TheformatoptionsavailableareL01,TAR,ZIP,orLIST.(Youcanmodifywhichlogicalimagetype
appearsbydefaultinthedrop-downboxonthe“Congure”screens“System”tab.SeeSection5.1.)
“LogicalImageSourceDisk”actionscreateareportofdirectoriesandleschosenfromthesourcedisk
aswellastheirlesizesandanyerrormessagesencountered.Thisreportcanbeviewedfromwithin
thebrowserinterfaceandcanbeexportedasanExcelspreadsheet.SeeSection7.1.4.
e. SelecttheLogicalImageModefromthe“LogicalImageMode”drop-downbox.Seethelistoflogical
imagemodesattheendofthissubsectionforinformationonwhateachmodedoes.
f. Ifyouchose anyotherLogicalImageMode,click the Start button at the top ofActionsection.A
“Completed”messageboxwillpopupwhentheactionhasnished.Clickonthemessagetocon-
tinue.
Ifyouchose“ManualSelect”,followthesesteps:
i. ClickonSelect Files & Dirs.Adialogboxwillopen.
ii. Usethenavigationtreetoselectthelesandfoldersyouwishtoimage(SeeFigure5).
iii. ClicktheStart button atthebottomofthedialogbox.A“Completed”messageboxwillpopup
whentheactionhasnished.Clickonthemessagetocontinue.
You can view the resultsof the logical image action by scrolling down tothe“SystemLog”panelon
the“Home”screen.Findandclickonthelatestlink,whichwillbedenotedbyalenamewithadate/
timestampformat:“S_yyyymmddhhmmss”.Alternatively,youcanclickontheLogs buttonfromthetop
menubar.
NOTE
NOTE
Figure 5.Thelenavigationtree.
10
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
Logical Image Modes
BeginningwiththeSeptember19,2015rmwareupdate,theLogicalImageactioncanautomatically
searchforlesthattthefollowingLogicalImageModes.Theactionwillsearchforspecicleexten-
sionsspeciedbytheLogicalImageMode.Seethenextpageforinformationonspecicletypes.
Logical Image Modes, continued...
• Manual Select: Enablesthe“SelectFiles&Dirs”buttonsothatyoucanmanuallyselectwhich
lestologicallyimage.
• All Files and Dirs: Imagesalllesanddirectories.
• All Except Windows: ImagesalllesanddirectoriesexceptfortheWindowsdirectory.
• All Except Windows and Programs: ImagesalllesanddirectoriesexceptfortheWindows,
ProgramFiles,ProgramFiles(x86),andProgramDatadirectories.
• All Users - Windows: ImagestheWindows“Users”directory.
• All Temporary - Windows: ImagestheWindows/TempandTempdirectories.
• All Except Swap and Hibernate:Imagesalllesanddirectoriesexceptlesnamedhiberl.sys,
pagele.sys,Win386.swp,and386part.par.
• All Media Files: Imagesall.avi,.jpeg,.jpg,.wav,and.movles,aswellasallleswithexten-
sionsbeginningin.mp”(.mpeg,.mp4,.mp3,etc.)andallleswithextensionsbeginningin.m4”
(.m4a,.m4v,etc.).
• All Office Files: Imagesall.txtand.pdfles,aswellasallleswithextensionsbeginningin.doc”,
.xls”,.ppt”(.doc,.docx,.xlsx,.pptx,etc.).
• All Financial Files:Imagesall.ifx,.ofx,.qfx,.qif,and.taxles.
Youmayalsoaddyourowncustomizedlogicalimagemodestothisdrop-downlist.Todoso,seeSec-
tion11.5.
4.1.4 Clone and Image Source Disk
Thisactionsimultaneouslycreatesacloneofthesourcediskononedestinationdiskandcreatesanimage
onaseconddestinationdisk.Two destination disks are required for this action.
Whilecloningandimagingthesourcedisk,theDittoForensicFieldStationcanalsohashthesourcedisk
usingtheMD5,SHA-1,orMD5+SHA-1algorithms.Selectthehashtypeunderthe“SystemSettings”
panelonthe“Home”screen.SeeSection4.3.HashingwhileusingbothMD5+SHA-1signicantly
reducesperformance.
Tosimultaneouslycreateacloneandaphysicalimageofthesourcedisk,followthesesteps:
a. SelectClone & Image Source Diskfromthe“ActiontoPerform”drop-downbox.
b. Selectthesourcedisktocloneandimagefromthe“Source”drop-downbox.
c. Selectthedestinationdiskfortheclonefromthe“CloneDestination”drop-downboxandthedestina-
tiondiskfortheimagefromthe“ImageDestination”drop-downbox.Destinationdisksdonothaveto
bethesamephysicalmediaasthesourcedisk,buteachmustbelargerthanthesourcedisk.
NOTE
11
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
d. Selectthedestinationdiskpartitiononwhichtosavetheimagelefromthe“ImagePartition”drop-
downbox.
e. Selectwhichtypeofphysicalimageyouwouldliketocreatefromthe“PhysicalImageType”drop-
downbox.TheimagetypesavailableareE01orDD.(Youcanmodifywhichimagetypeappearsby
defaultinthedrop-downboxonthe“Congure”screens“System”tab.SeeSection5.1.)
f. ClicktheStart button.A“Completed”messageboxwillpopupwhentheactionhasnished.Click
onthemessagetocontinue.
Youcanviewtheresultsofthecloneandimageactionbyscrollingdowntothe“SystemLog”panelon
the“Home”screen.Findandclickonthelatestlinks,whichwillbedenotedbyalenamewithadate/
timestampformat:“S_yyyymmddhhmmss”.Alternatively,youcanclickontheLogs buttonfromthetop
menubar.
4.1.5 Erase Destination Disk
TheDittoForensicFieldStationerasesthedestinationdiskusingyourpreferredEraseMode.TheErase
ModesavailableareClearPartitionTable,QuickErase,LBA/OffsetPattern,CustomErase,SecureErase
Normal,SecureEraseEnhanced,DODClear,DODSanitize,NIST800-88Clear,andNIST800-88Purge.
Toeraseadisk,followthesesteps:
a. SelectEraseDestinationDiskfromtheActiontoPerform”drop-downbox.
b. SelecttheEraseModetousefromthe“EraseMode”drop-downbox.(Youcanmodifywhicherase
modeappearsbydefaultinthedrop-downboxonthe“Congure”screens“System”tab.SeeSec-
tion5.1.)
c. Selectthetargetdestinationdisk(s)fromthe“Target”drop-downbox.
d. ClicktheStart button.A“Completed”messageboxwillpopupwhentheactionhasnished.Click
onthemessagetocontinue.
Youcanviewtheresultsoftheerasureactionbyscrollingdowntothe“SystemLog”panelonthe“Home”
screen.Findandclickonthelatestlink,whichwillbedenotedbyalenamewithadate/timestampformat:
“S_yyyymmddhhmmss”.Alternatively,youcanclickontheLogs buttonfromthetopmenubar.
Format After Erase
YoucanconguretheDittoForensicFieldStationtoautomaticallyformatadiskafteryoueraseit.Click
ontheConfigure tabtogotothe“Congure”screen.ThenclickontheErase tabmakesurethat
“FormatAfterErase”ischeckedforeachoftheerasemodesonwhichyou’dliketoenablethissetting.
Figure 7.TheAction”sectiononthe“Home”screen,showingthe
optionsavailableforthe“EraseDestinationDisk”action.
Figure 6. TheAction” section on the“Home” screen, showing
theoptionsavailableforthe“Clone&ImageSourceDisk”action.
12
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
4.1.6 Hash Disk
TheDittoForensicFieldStationwillhashanysourceoradestinationdiskusingyourpreferredalgorithm.
HashvaluesaresavedintheSystemLog.Theavailablealgorithmsare“MD5”,“SHA-1”,or“MD5+SHA-1”.
Tohashadisk,followthesesteps:
a. SelectHash Disk fromtheActiontoPerform”drop-downbox.
b. Selectyourpreferredhash algorithmfromthe“HashType”drop-downbox. (Youcanmodifywhich
hashalgorithmappearsbydefaultinthedrop-downboxonthe“Congure”screens“System”tab.
SeeSection5.1.)
c. Selectthetargetdiskfromthe“Target”drop-downbox.
d. Selectthepartitionyouwanttohashfromthe“Partition”drop-downbox.
e. ClicktheStart button.A“Completed”messageboxwillpopupwhentheactionhasnished.Click
onthemessagetocontinue.
Youcanviewtheresultsofthehashactionbyscrollingdowntothe“SystemLog”panelonthe“Home”
screen.Findandclickonthelatestlink,whichwillbedenotedbyalenamewithadate/timestampformat:
“S_yyyymmddhhmmss”.Alternatively,youcanclickontheLogs buttonfromthetopmenubar.
4.1.7 Snapshot Disk
TheDittoForensicFieldStationprovidesS.M.A.R.T.andhdparminformationforanysourceordestination
diskconnectedtoitself.Nocloneorimagerequestneedstobedone.
Tocreateasnapshotofadisk,followthesesteps:
a. SelectSnapshot Disk fromtheActiontoPerform”drop-downbox.
b. Selectthetargetdiskfromthe“Target”drop-downbox.
c. ClicktheStart button.A“Completed”messageboxwillpopupwhentheactionhasnished.Click
onthemessagetocontinue.
You can view the resultsof the snapshot action byscrolling down to the“System Log” panel onthe
“Home”screen.Findandclickonthelatestlink,whichwillbedenotedbyalenamewithadate/time-
stampformat:“S_yyyymmddhhmmss”.Alternatively,youcanclickontheLogs buttonfromthetopmenu
bar.
ScrolltoeSATAExtendedDiskInfo”toseerecordeddata,includingS.M.A.R.T.andhdparminformation.
4.1.8 NetView Scan
NetViewisanetworktoolthatcanbeusedtodiscovermachinesonanetworkandevenprobethemfor
specicservicesthattheymayberunning.Thiscapabilitycanhelpaninvestigatorlocatephysicallyhidden
Figure 9. TheAction”sectiononthe“Home”screen,showingthe
optionsavailableforthe“SnapshotDisk”action.
Figure 8. TheAction” section on the“Home” screen, showing
theoptionsavailableforthe“HashDisk”action.
13
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
computersorquicklydeterminewhetheramachineisactingasadatastoragedevice
thattheDittoForensicFieldStationcanimage.
SeeSection11.1formoreinformationabouttheNetViewScanfeature.
4.2 INVESTIGATION INFO
TheInvestigationInfopanelgroupsrelatedinformationthatmayalsobeusedincreating
customdirectoriesandlenames(seeSection5.8).The“Hide”button allowsyouto
minimizethepanel.
Click the Edit button to enter information about the Investigator, Case Number, Evi-
denceNumber,Description,Notes,Basedirectoryprex,andaBaselenameprexfor
anE01orDDimage.
Eacheld is lteredtoblocknon-printableASCII characters.Anycharacters at thele
systemlevelthatmaynotbesafeforadirectorynameorlenamewillbelteredout
andreplacedwithanunderscore.OnlyprintableASCIIcharactersarecurrentlyallowed
fordirectoryandlenames.Multipleunderscoreswillalsobereducedtoasingleunder-
scorepernamingitem.
TheDittoForensicFieldStationwillgenerateanerrormessageifyouenteranon-print-
able ASCII character or if your message exceeds the 58 character limit. Additionally,
whenthenaldirectoryorlenamethatusesanyoftheseeldsiscreated,anotherlevel
oflteringisapplied.
Usingapostrophes(‘)inthenameeldswillcauseanerrorwhentheleorfolder
nameiscreated.TheyshouldnotbeusedintheInvestigationInfoelds.
4.2.1 User Defined Fields
Clickonthegreen plus sign icontoopentheAddUserDenedField”window(see
Figure12).Youmayaddasmanyuserdenedeldsasyouwish.Eachuserdened
eldmusthaveatitle,XMLtag,andvalue.
Thetitle identies the value in the DittoForensic FieldStations browser and LCD
interfaces,andtheXMLtagonlyappearsinthecongurationandlogles.
Toremoveauserdenedeld,clickonthegreen minus sign icon.
4.3 SYSTEM SETTINGS
DisplaysthecurrentcongurationsettingsoftheDittoForensicFieldStation.Theseset-
tingsareloadedasthedefaultsettingsfortheactionsyouperformintheAction”panel.
The“Hide”buttonallowsyoutominimizethepanel.ClicktheEdit buttontocustomize
thesesettings.SeeSection5.1fordetailsoneachoption.
4.4 CURRENT STATUS
Reportseitheras“Idle”ordisplaysinfoabouttheactionthattheDittoForensicFieldSta-
tioniscurrentlyperforming.
STOP!
Figure 11. The“InvestigationInfo”section.
Figure 13.The“SystemSettings”section.
Figure 14. The“Current Status” section, displaying a
thestatusofaPhysicalImageaction.
Figure 10.TheAction”sectiononthe“Home”screen,
showingtheoptions availablefor the“NetviewScan”
action.
Figure 12. TheAddUserDenedField”window.
14
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
4.5 DISKS
DisplaysinformationabouttheattatcheddisksthatarecurrentlyconnectedtotheDitto
Forensic FieldStation.The“Hide” buttonallowsyoutominimizethepanel.To see the
availablespaceadiskhas,clickthegreen double arrow iconnextinthe“Used”column
header(seeFigure16).Thediskusagewillrefreshandgiveanupdatedamount.
The“TargetMode”buttonallowsyoutopresentthedisksattachedtotheDittoForensic
FieldStationasiSCSIdisksonanetwork.Thisisusefulifyouwishtousethirdpartydata
acquisitiontoolsagainstthediskswithoutcreatinganimage.The“SourceNetwork”and
“SourceDestination”buttonsareusedformountingiSCSIdevicesaswellasNFSand
SMBsharestotheDittoForensicFieldStation.Formoreinformation,seeSection11.
4.5.1 Previewing and Browsing Disks
Tobrowseordownloaddiskdata,ortoselectlesandfoldersforlogicalimaging,
clickonapartitionsnumberunderthedisk’s“Partition”columnandthenselectPre-
view(seeFigure17).Thisopensupaleexplorerwindowwhereyoucannavigate
throughthelesandfoldersonthedisk.
Directory Toolbar and Right-Click Context Menu Items
ICON ACTION
CollapseFolderTree
Collapsestheentirefoldertreesothatonlythepreviewedpartitions
folderisvisible.
Refresh
Refreshesthefoldercontentsinordertogiveupdatedinformation.
Up
Movesuptotheparentfolder.
Back
Movesbacktothepreviouslyviewedfolder.
Folders
Toggleswhetherfoldersaredisplayedinthecontentspanel.
SelectMode
Togglestheabilitytoselectindividuallesforlogicalimaging.
Figure 15. The“Disks”sectiononthe“Home”screen.
Figure 16. Clickingthegreendoublearrowicondisplays
andupdatesamountofspacecurrentlyusedandavail-
able.
Figure 17. Drop-downmenusforadisk(left)andadisk’s
partition(right).
15
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
Directory Toolbar and Right-Click Context Menu Items, continued...
ICON ACTION
DetailView/ListView
ToggleswhethertheSize,Type,DateCreated,DateModed,andDate
Accessedcolumnsarevisible.
SizeFormat
Changeswhetherlesizesinthe“Size”columnaremeasuredasbytes
orasmegabytes,gigabytes,etc.
View
Openstheselectedle.ImagesandPDFleswillopeninapreview
window.Otherleswillopenadialogboxtodownloadtheletoyour
computer.
Download
Opensadialogboxtodownloadtheselectedletoyourcomputer.
Hash
Opensaninfowindowwiththeselectedle’sname,MD5hash,and
lesizeinbytes.
HexView
OpenstheleintheDittoForensicFieldStationsbuilt-inhexadecimal
viewer.
Logically Image Data
Tologicallyimagedatausingthe“Preview”window,clickontheSelect Mode buttonandthencheck
theboxnexttoeach le orfolderyouwantto logically image.Whenyouarenished,clickonthe
Stage buttoninthelowerrightcornerofthe“Preview”window.Youwillbetakenbacktothe“Home”
screen.Usethe“Action”controlpanelasdirectedinSection4.1.3.Whenyouclickon“SelectFiles&
Dirs”,youwillbeaskedtoconrmwhethertologicallyimagethelesandfoldersyouhaveselected,
ortoselectnewlesandfolders.
4.5.2 View Hexidecimal Data
Toviewadisk’shexidecimaldata,clickonthedisknameunderthe“Port”columnandthenselectHex-
View. Toviewadiskpartitionshexidecimaldata,clickonthepartitionsnumberunderthedisk’s“Parti-
tion”columnandthenselectHexView (seeFigure17).
4.5.3 View Snapshot Data
Toviewadisk’ssnapshotinformation,clickonthedisknameunderthe“Port”columnandthenselect
Snapshot.
4.6 SYSTEM LOG
Shows the actions that the Ditto Forensic FieldStation has performed (see Figure 18).The“Hide” button
allowsyoutominimizethepanel.The“Comment”buttonallowsyoutowriteanotethatisappendedtothe
log.
IfthereisnoSDcardpresentintheSDcardslot,thispaneldisplaysthelogsthathavebeenstoredinvola-
tilememorysincetheDittoForensicFieldStation’slastpowercycle.TheselogsaredeletedwhentheDitto
ForensicFieldStationispowereddown.IfthereisanSDcardpresent,thispaneldisplaysallactionssavedon
theSDCard.
Toviewthelog detailsof aparticularaction,clickonthe linkunderthe“Message”column.whichwillbe
denotedbyalenamewithadate/timestampformat:“S_yyyymmddhhmmss”.Alternatively,youcanclickon
theLogs buttonfromthetopmenubar.
16
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
5 CONFIGURE SCREEN
The“Congure”screenallowsyoutomodifythewaytheDittoForensicFieldStationfunctionstosuityourspe-
cicneeds.ClickontheConfigure tabtoaccessthe“Congure”screenfromthebrowserinterface.
5.1 SYSTEM
The“System”taballowsyoutoviewandcustomizethefollowingsettings.Thisinformationisalsodisplayed
inthe“SystemSettings”panelonthe“Home”screen.Whenyouarenished,clicktheCommit Changes
buttontosavethechanges.
• Default Format: Thisisthedefaultlesystemthatwillbeusedtoformatdestinationdiskswhenthey
areusedinactionsthattheDittoForensicFieldStationperforms.
• Physical Image Type: Setsthedefaultphysicalimagetypeforallactionsthatcreateaphysicalimage.
• Logical Image Type: Setsthedefaultlogicalimagetypeforthe“LogicalImageSourceDisk”action.
• Logical Image Mode:SetsthedefaultLogicalImageModeforthe“LogicalImageSourceDisk”action.
• Verify Single: Determineswhether individual destination disk arehashedand compared to the hash
valueofthesourcedisk’shashvalue.
Figure 18. The“Congure”screen,showingthe“System”tab.
Figure 18. The“SystemLogs”sectiononthe“Home”screen.
17
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
• Verify Mirror: Determineswhethermirroreddestinationdisksarehashedandcomparedtothehash
valueofthesourcedisk’shashvalue(s).YoucanchoosetoverifyeSATA-AoreSATA-Bindividually,both
disks,ornone.
• Verify Clone & Image: Determineswhetherclonedandimageddisksarehashedandcomparedtothe
hashvalueofthesourcedisk’shashvalueduringa“Clone&ImageSourceDisk”action.Youcanchoose
toverifytheclone,theimage,both,ornone.
• Log Disk Info: DetermineswhetherS.M.A.R.T.andhdparmdiskinformationisloggedbeforerunningan
action,afterrunninganaction,both,ornotatall.CRUrecommendsthatyoulogdiskinformationbefore
andafteranaction.
• HTML Logging: Logsarealwayssavedin.XMLformat.ThisoptioncausestheDittoForensicFieldSta-
tiontosavelogsinHTMLformataswell.
• DiskView Logging: Logsanyactiontopreviewadiskoractionsperformedwhilepreviewingadisk(i.e.
startingornishingapreviewofadisk,startingornishingaHexViewaction).
• Hash Type: Setsthedefaulthashalgorithmthatwillbeusedfordiskvericationandthe“HashDisk”
action.TheavailablealgorithmsareMD5,SHA-1,orMD5+SHA-1.Notethathashingwhileusingboth
MD5+SHA-1signicantlyreducesperformance.
• Erase Mode: Setsthedefaulterasemodethatwillbeusedforallactionsthatrequireerasingdisks.
• Stealth Mode: Turns off allLEDs and LCDs ontheDitto Forensic FieldStation.The physical“Stealth
Mode”Switchservesthesamepurpose(seeSection1.2).IfStealthModeisenabledfromthebrowser
interface,thephysicalswitchcannotoverrideit.
• LCD/LED Brightness:SetstherelativebrightnessoftheLCDsandLEDsonthefaceoftheDittoForensic
FieldStationonascaleof1to255.
• Audible Buzzer: Thisisaplannedfeaturethatisnotcurrentlyimplemented.Theaudiblebuzzerwillalert
theusertovariousactionsthatoccurwhenusingtheDittoForensicFieldStation.
• Prompt Invest. Info: Opensa“CongureInvestigationInfo”windowaftertheuserhashitthe“Start”
buttonintheAction”sectiononthe“Home”screen.ThisallowstheusertocustomizetheInvestigator,
CaseNumber, Evidence Number,Description,Notes,BaseDirectory Name, and the BaseFileName
informationpriortoperformingtherequestedaction.
• LCD Prompt Case: Fiveoptions maybechosentomodifythecasenumberspeciedin the“Investi-
gationInfo”sectionofthe“Home”screen.Thecasenumberisincludedin thelogfortherequested
action.“Disabled”leaves the case numberas it is.“Inc/Dec”allowsyouto manually increment the
casenumberupordownusing the navigationbuttonsonthefaceoftheDitto ForensicFieldStation.
AutoInc” automatically increments the case number, and AutoInc/Pause” automatically increments
thecasenumber,butdisplaysaconrmationprompttheLCDscreenbeforebeginningtherequested
action.TheseoptionsrequireanumbertobepresentontheendoftheCaseNumberspeciedinthe
“InvestigationInfo”section.
• LCD Prompt Evidence: Fiveoptionsmaybechosentomodifytheevidencenumberspeciedinthe
“InvestigationInfo”sectionofthe“Home”screen.Theevidencenumberisincludedinthelogforthe
requested action.“Disabled”leaves the evidencenumber as itis.“Inc/Dec”allowsyoutomanually
incrementtheevidencenumberupordownusingthenavigationbuttonsonthefaceoftheDittoForensic
18
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
FieldStation.AutoInc”automaticallyincrementstheevidencenumber,and“AutoInc/Pause”automati-
callyincrementstheevidencenumber,butdisplaysaconrmationprompttheLCDscreenbeforebegin-
ningtherequestedaction.TheseoptionsrequireanumbertobepresentontheendoftheEvidence
Numberspeciedinthe“InvestigationInfo”section.
• Quick Start: Enablesthe“QuickStart”screenontheLCDthatappearsafteryoubootorreboottheDitto
ForensicFieldStation.Thesettingsforthismodemaybemodiedinthe“QuickStart”tab.SeeSection
5.9.
5.2 NETWORK
The“Network”taballowsyoutoviewandcustomizethefollowingsettings.Ifyouareunsureorhaveques-
tionsaboutchangingyournetworksettings,contactyournetworkadministrator.Whenyouarenished,click
theCommit Changes buttontosavethechanges.
5.2.1 Host Name
AllowsyoutochangewhatnamefortheDittoForensicFieldStationwillbedisplayedonanetwork.Host
namesarenotcasesensitive,butmustbeginwithanyletter“A-Z”.TheycancontainthethelettersA-Z,
numbers0-9,underscore“_”,anddash“-”characters.Hostnamesmustalsobelimitedto64characters.
Figure 20. The“Network”tabonthe“Congure”screen,showingthe“Source,“Destination,and“Wi”
networksettings.The“WiNetwork”sectiononlyappearswhenaUSBwirelessnetworkadapterhasbeen
pluggedin.
19
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
5.2.2 Source Network
The“SourceNetwork”sectiondisplaysthesourceEthernetport’sMACAddressaswellasitsIPassign-
mentmethod.Youcanchooseeither“DHCP(AutoCong)”or“StaticIP(ManualSettings)”fromthetop
drop-downbox.
The“RemoteAccessibility”drop-downboxallowsyoutochoosewhetherornottheDittoForensicField-
StationrespondstoanynetworktrafcviathesourceEthernetport.
5.2.3 Destination Network
The“DestinationNetwork”sectiondisplaysthesourceEthernetport’sMACAddressaswellasitsnet-
workingmode.Youcanchooseeither“Server”,“Client(DHCP)”,or“Client(StaticIP)”fromthedrop-down
box.
Server
“Server”allowsyoutoconguretheDittoForensicFieldStationforuseasaserver.Thiscanbehelpful
ifyouareconnectinganiSCSIdevicetothedestinationEthernetport,forexample(seeSection11.3.2),
or you are connecting Ditto directly to your computer instead of through your ofcenetwork.The
defaultsettingsbelowwillworkformostenvironments.Thisisanadvancedoption,sodonotcus-
tomizethedefaultservercongurationbelowunlessdirectedtodosobyyournetworkadministrator.
IP Address: 10.10.10.1
Subnet Mask: 255.255.255.0
DHCP Server: Enabled
DHCP Start Address: 10.10.10.100
DHCP End Address: 10.10.10.199
DNS Server: Enabled
DNS Domain Name: ditto.local
NTP Server: Enabled
NAT Gateway: Disabled
DonotconnecttheDittoForensicFieldStationtoanothernetworkwhileitisconguredasaserver.
Doingsowillcausenetworkconictsandmaydisruptnetworktrafc.
Client (DHCP)
ThisoptionautomaticallyconguresthedestinationEthernetporttoconnecttotheattachednetwork.
Client (Static IP)
ThisoptionallowsyoutomanuallycongurethedestinationEthernetporttoconnecttotheattached
network.
5.2.4 Wifi Network
The“WiNetwork”sectionallowsyoutocongureathirdpartyUSBwinetworkadapterthat’sbeen
pluggedintothe“SouceInputs”USBport.Italsodisplaysthatport’s MACAddress.Adapterswithan
AtheroschipsetandsomeadapterswithRealtekchipsetsarecompatible.
TheDitto Forensic FieldStation canhandlemultipleUSBdevicesthroughaUSBhubattachedtothe
USBportonthe“SourceInputs”sideoftheForensicFieldStation.
STOP!
NOTE
20
Protecting Your Digital Assets
TM
Ditto Forensic FieldStation User Manual
“WiMode”allowsyoutodeterminewhethertheDittoForensicFieldStationconnectstoawinetwork
oractsasawihotspotitself.HotSpotModeishelpfulifyouareworkinginaseparatelocationfrom
theDittoForensicFieldStationthatisstillwithinrangeofawirelessnetwork,orifthereisnohardwired
networkavailableinthelocation.
Choose“Client Mode” to connectto an existing wi networkor“Hot SpotMode” tomaketheDitto
ForensicFieldStationintoawihotspot.
Client Mode
Check“Status:AutoStart”ifyouwanttheDittoForensicFieldStationtoconnecttothespeciedwire-
lessnetworkautomatically.
Toselecttheclientmode’snetworkingmode,youcanchooseeither“Client(DHCP)”or“Client(Static
IP)fromthedrop-downboxunderneaththeMACAddress.“Client(DHCP)”automaticallycongures
theUSBwinetworkadaptertoconnecttoawinetwork.“Client(StaticIP)”allowsyoutomanually
conguretheconnection.
Hot Spot Mode
Check“Status:AutoStart”ifyouwanttheDittoForensicFieldStationtobeginbroadcastingasahot
spotautomaticallywheneverawiadapterispluggedin.
Thedefaultsettingsbelowwillworkformostenvironments,withseveralexceptions.
InputyourownkeytoensurethatyourDittoForensicFieldStationremainssecure.
Youmay berequiredtoconformtoyourcountry’slawsand regulationsregardingwirelessradio fre-
quencyusage.Selectyourtwo-digitcountrycodefromthe“RegulatoryDomain”dropdownlist,and
theDittoForensicFieldStationwilllimitthefrequenciesitmaybroadcastontoonlythoseintheper-
mittedrange(s).
DonotconnecttheDittoForensicFieldStationtoawirednetworkwhileitisconguredasahotspot.
Doingsowillcausenetworkconictsandmaydisruptnetworktrafc.
SSID: {HostName}-wi
Regulatory Domain: Global
Band: G-2.4GHz
Channel: Auto
Broadcast: Checked
Security: WPA2Personal
Key: ditto123
Show Key: Unchecked
IP Address: 10.10.10.1
Subnet Mask: 255.255.255.0
DHCP Server: Enabled
DHCP Start Address: 10.10.20.100
DHCP End Address: 10.10.20.199
Moresettingsareavailableonthenextpage.
STOP!
STOP!
STOP!
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46

WiebeTech Ditto Forensic FieldStation User manual

WiebeTech
Brand
WiebeTech
Model
Ditto Forensic FieldStation
Type
User manual
Download PDF
report

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI

Related papers

Other documents