Media Exploitation Kit - Basis Technology Products

ABOUT US
PRODUCTS
- Products Overview
- Rosette Linguistics Platform
- Language Identifier
- Unicode
- Base Linguistics
- Entity Extractor
- Name Indexer
- Name Translator
- Arabic Desktop Suite
- Request Product Evaluation
SOLUTIONS
NEWS AND EVENTS
CUSTOMERS
- Partners
SUPPORT
CONTACT US

Solutions Overview
Government
Search-Based Applications
E-Discovery
Financial Compliance
Apache Lucene & Solr
Digital Forensics
- Media Exploitation Kit
- Odyssey Keyword Search
- Advanced Forensic Format

MEK capture = data integrity

The capture operation does not modify the contents of the hard drive in any way.
The captured image includes forensic metadata — a cryptographic hash of the data, the hard drive serial number, and the time the capture was performed.

Quick Links

Downloads

Digital Media Exploitation Kit datasheet

Home > Solutions > Digital Forensics > Media Exploitation Kit

PRODUCTS

Digital Media Exploitation Kit (MEK)

Capturing forensic data from PC hard drives.

An ever increasing number of PCs are being used to commit or plan crimes. Digital investigations identify digital evidence and collect intelligence about the actions of authorized and unauthorized computer users.

The typical digital investigation begins with removing the hard drive from a PC, copying the drive contents to another storage location, reinstalling the hard drive in the PC, and finally analyzing the contents. These are difficult and time-consuming steps that risk the loss of critical data and require substantial training.

The automated alternative

Basis Technology’s Digital Media Exploitation Kit (MEK) speeds up and simplifies the process of acquiring data from PCs to make a drive image. MEK is an easy-to-use forensics tool for capturing the entire contents of a hard drive without removing it from the PC

Step 1: Connect the external MEK capture drive to the PC with the USB or FireWire cable
Step 2: Insert the bootable MEK CD-ROM in the PC
Step 3: Boot the PC

The remainder of the process is automatic. No specialized training is required, and the user need not perform any operation that risks damaging the hard drive or data.

MEK stores a perfect copy of each PC hard drive on its own capture drive. It also stores forensic metadata, such as the serial number of the drive and the time the data is captured. An MEK-produced cryptographic hash allows the integrity of the data to be verified. The user may also store a cryptographic signature of the data and other user-specified metadata.

Where can I use MEK?

MEK can capture data from any PC with an x86 CPU (i386 through Pentium, AMD Athlon, etc.), a bootable optical drive, and a USB or FireWire interface. MEK will capture from IDE, ATA, SATA, SCSI, USB, and FireWire drives on the target computer.

What’s included in the package?

A bootable software CD-ROM for capturing the content of PC hard drives
An external hard drive with power supply, USB interface, and FireWire interfaces. Rugged drive options are also available.

The external capture drive

The user can capture images from as many PC hard drives as fit on the MEK capture drive.

The user can later off-load the image files from the capture drive to a repository and reuse the drive to capture additional images.

Flexible formats for hard-drive data

MEK can capture the drive image in one of three formats of the Advanced Forensics Format™ (AFF).

AFF is an open format for storing a compressed drive image. Typically AFF can store twice as many images as the raw format on a capture drive – more if the hard drives were not fully used. AFF metadata includes the number of empty sectors, the number of unreadable (corrupted) blocks, forensic metadata, and the cryptographic hash. Learn more about AFF.