ArcPoint Newsletter, August 2021

DF Industry Happenings

ArcPoint Forensics is proud to be a Platinum Sponsor of the Cyber Social Hub, the new social network for Digital Investigators, Cybersecurity, and eDiscovery Professionals. What attracted us to The Hub is the opportunity to connect directly with investigators and other key stakeholders through the “Hub Feed” and numerous online collaboration events. Our favorite thing about going to trade shows is getting to hang out with DF tech users. That’s the world we come from and we created ArcPoint because we wanted to create and deliver great products that USERS want! But trade shows are just a few days long and passive comms like emails and traditional social media posts don’t create real connections. The Hub gives us those connections on an ongoing basis, so we’re excited to be part of it. And if you are an investigator looking for a social community focused on technology investigators just like you, check out Cyber Social Hub – where your posts are never overshadowed by cat memes!!

ArcPoint Company and Product News

Pre-sales starts September 1: Reserve your ATRIO! As everyone knows, supply chain issues driven by the global chip shortage are affecting everything from the auto industry to tech giants to the little guys (that’s us!). ArcPoint has been working diligently over the past few months to get our hands on all of the components we possibly can to maximize our inventory at product launch. That said, it’s a jungle out there and we expect to have limited inventory of ATRIO units in 2021. So if you want to be sure you get your ATRIO, mark your calendar and go here on September 1st for purchase information.

Stakeholder Testing. With our technical team buttoning up development on ATRIO’s final features and functions, and the design work for ATRIO’s casing wrapped up as well, we are on the verge of launching final stakeholder field testing with actual ATRIO units! ATRIO will spend three weeks in the hands of a select group of users who will provide feedback on all of its features, and how it tackles the demands of their real-world investigations. We can’t wait to get this final bit of feedback from across our DF stakeholder universe! ArcPoint’s development team will make any final necessary tweaks and we will give the green light to our manufacturer to start production!

Manufacturing. Speaking of manufacturing, ArcPoint is proud to be partnering with Patriot Technologies, Inc. for our manufacturing needs. Every ATRIO unit will be produced at Patriot’s headquarters facility in Fredrick, MD. We are proud to be Made in America!

Monthly Tech Tip

If you ever need to mount a file system from an E01 image to your host’s file system, there is a quick and easy way to do that. Mounting is when the operating system makes a storage device available to the user through the computer’s file system. Mounting a partition in an E01 image will allow you to quickly see and browse the files on that partition as if they are in a folder on your computer.

To achieve this, we need a the open source tools called “ewfmount” and “mmls” along with the built in Linux command called “mount”. Below are the steps to mount a file system from a partition:

1. mkdir /mnt/ewf (this makes a directory where the image will be converted to a raw format)
2. ewfmount my_image.E01 /mnt/ewf (makes a file called ewf1 which is the raw image file)
3. mmls /mnt/ewf/ewf1 (prints the partitions in the image, find the offset you want to mount)
4. mkdir /mnt/mountedFiles (this makes the directory where the files will be available)
5. mount -o ro,loop,offset=X /mnt/ewf/ewf1 /mnt/mountedFIles (mounts the file system)*

*In step 5, replace “X” with the offset you found from step 3 multiplied by the sector size (typically 512)
Now you can access your files in /mnt/mountedFiles just like a normal folder!




Related posts

Search Bitlocker Detection From The Command Line
macOS Forensic Artifacts Search