Page 2: Table Of Contents
Contents Preface ......................5 1.1 Drive capacity and transfer rate measurement conventions ....5 Overview ...................... 5 2.1 TX1 kit contents ..................8 2.2 Navigating TX1 ..................10 2.2.1 Home screen ................10 2.2.2 Side navigation menu..............12 2.2.3 Jobs tab ..................12 2.2.4 Job status ..................
Page 3 OpenText Tableau Forensic TX1 Imager 4.1.3 Side navigation menu..............64 4.2 Preconditions checking ................ 64 4.3 Duplicating ................... 64 4.3.1 Cloning ..................65 4.3.2 Imaging ..................65 4.3.3 Performing a duplication............. 66 4.3.4 Using automated acquisition ............74 4.3.5 Duplication over a network ............82 4.3.6 Pausing and resuming a duplication job ........
Page 4 6.2.4 Problems detecting Apple devices in target disk mode ..... 177 6.2.5 Long time to complete locally initiated firmware update .... 179 6.2.6 Real-time clock data retention issue ......... 179 About OpenText ..................180 The Information Company Copyright © 2022 Open Text. All rights reserved. Trademarks owned by Open Text.
Page 5: Preface
150,000,000 bytes per second. 2 Overview Tableau TX1 is a powerful, yet intuitive, forensic imager that offers superior local and networked imaging performance with no compromises. The touch screen user interface is easy to use and provides a familiar user experience similar to modern tablets and smartphones.
Page 6 Acquisition of PCIe, USB 3.0, SATA, SAS, FireWire, IDE, and network shares (iSCSI • and CIFS). Note: PCIe and IDE adapters (sold separately) are required to image these drive types. • Output to USB 3.0, SATA, SAS, and network shares (iSCSI and CIFS). The ability to target file-based evidence with a powerful logical imaging function, •...
Page 7 OpenText Tableau Forensic TX1 Imager Extensive filesystem support - APFS, ExFAT, NTFS, EXT4, FAT(12/16/32), and • HFS+. Whole disk, open standard, destination drive encryption using XTS-AES. • Automatic blank checking of source and destination drives. • Comprehensive destination/accessory drive wiping capabilities, including NIST 800- •...
Page 8: Tx1 Kit Contents
TX1 can operate as a standalone device, as shown above. Optionally, TX1 can operate with the destination imaging bay (TX1-S1), as shown above. The left source (write blocked) side of TX1. The right destination (read/write) side of TX1. 2.1 TX1 kit contents TX1 ships in a boxed kit with custom foam that includes the following items: The Information Company Copyright ©...
Page 9 OpenText Tableau Forensic TX1 Imager Item Model # Description TX1 Forensic Imager TX1-S1 Optional destination drive bay for up to two 2.5” or 3.5” SATA or SAS drives Provides power to TX1, the optional TX1-S1 Drive Bay, and most common combinations of source and destination drives.
Page 10: Navigating Tx1
Do not discard the TX1 foam packaging, as it is designed to fit several industry-standard hard sided carrying cases (for example, the Pelican 1500). If you received the TX1 kit in the cardboard box shipped by OpenText, you can reuse the stacking foam inserts in your own hard sided case.
Page 11 OpenText Tableau Forensic TX1 Imager Tap one of these icons to begin a job and enter the job setup screen. A job setup screen provides a stepper-based flow from which you can view default settings, enter job notes for your case, change settings, and start the job. Tap the left arrow in the job setup tab to navigate back to the previous screen or to the Home screen.
Page 12: Side Navigation Menu
count, these buttons can be tapped to display a summary list of available drives and allow access to further drive details, screens, and operations. Note: The middle area of the bottom row of the Home screen (for USB Accessory drives) is only shown when a USB Accessory drive is connected.
Page 13 OpenText Tableau Forensic TX1 Imager The Automated Acquisition area will indicate if that mode is enabled. When enabled, the count of any duplication jobs run during that automated session will be displayed. See “Using automated acquisition” on page 74 for more details on this valuable, time-saving feature.
Page 14: Job Status
In the first example on the left, there are two active jobs – a hash and an automated duplication job. There are two automated duplication jobs queued and waiting for resources to be able to start. Note the textured grab areas in the queued job tiles which can be used for drag-and-drop job reordering.
Page 15 OpenText Tableau Forensic TX1 Imager Note: The solid orange triangle in the upper right corner of the drive tiles indicates that the drive is currently being used as part of an active job. This is shown regardless of the location of the drive tile and makes it easy to spot drives that are in use. Similarly, drives that are part of a queued but not yet active job will show as an orange border triangle with white in the middle.
Page 16: Quick Reference Guide
Clicking the View Log link immediately displays the detailed text log for that job. You can easily click back to the Job Status screen or close the log and return to the Home screen. The link back to the Job Status screen works regardless of the method used to get into the log details window.
Page 17: Reading The Status Leds
OpenText Tableau Forensic TX1 Imager 2.3 Reading the status LEDs On/Off indicator LED: The illuminated power switch is located in the top-left corner of TX1 and it displays a white LED when the unit is on. DC In LED: The TP6 power supply cable has a blue LED ring near the end of the barrel connector that indicates the TX1 power supply is receiving adequate DC input power.
Page 18: Usb Keyboard Support
2.6 USB keyboard support You can plug a standard USB keyboard into either USB accessory port on the front of TX1. Some users find it more convenient to use an external keyboard to enter data instead of using the virtual touchscreen keyboard. Language localized keyboard support is limited to the virtual keyboard only.
Page 19: System Settings
OpenText Tableau Forensic TX1 Imager Network Settings: Access the Network Settings screen. • Defaults: Access the Operations Defaults screen. • Users: Access the administrator level User Management screen. • Lock System: Lock the screen with a PIN to prevent access while unattended.
Page 20 Tap the toggle buttons to enable or disable a setting such as the 24-hour clock. To define a slider setting value, such as the LCD brightness, tap and hold the slider selector, then slide to the desired value. For the Timezone setting, a multi-value selection box will be displayed to allow selection from a predefined list of settings.
Page 21 OpenText Tableau Forensic TX1 Imager should the NTP server update routine fail for any reason, a warning message to that effect will be shown instructing you to manually set the time and date. The user interface display language can be set to German, English, Spanish, French, Korean, Portuguese, Russian, Turkish, or Chinese.
Page 22: Network Settings
3.2.2 Network settings Tap Network Settings to display the Network Settings page. The Network Settings screen displays network related information and the current connection status in the top area, followed by a Configuration area for setting the IP address, MTU (maximum transmission unit) value, and custom hostname. Following the network configuration area are areas for 802.1X configuration, and an HTTPS certificate area.
Page 23 OpenText Tableau Forensic TX1 Imager The maximum allowed MTU settings for each link speed are as follows: • 100 Mbps: 1,500 • 1 Gbps: 9,000 10 Gbps: 65,280 • Each network device in the end-to-end communication path should use the same MTU value to achieve optimum and reliable performance.
Page 24 Then tap Identity to enter your 802.1X identity (required). Note that each EAP type has additional requirements and configuration settings depending on the type selected, as covered in the sections below. Note that one or more certificates (depending on the EAP type and other settings) may need to be loaded onto your TX1 before attempting to authenticate on the network.
Page 25 OpenText Tableau Forensic TX1 Imager Tap Save to show the selected EAP type and status in the settings summary. PEAP: Select a supported Phase two internal protocol (EAP-MSCHAPv2 or MSCHAPv2). A CA certificate must be installed on TX1 to enable server authentication.
Page 26 Tap Save to show the selected EAP type and status in the settings summary. After saving the selected EAP type and Phase two internal protocol settings, a yellow icon appears in the right side of the top navigation bar, and an Add Password button becomes active in the settings summary area.
Page 27 OpenText Tableau Forensic TX1 Imager Note: 802.1X passphrases are required to decrypt encrypted private keys. These passphrases can be between 4 and 1023 characters in length. 3.2.2.2 HTTPS certificate setup TX1 generates an SSL certificate on startup. You can use this certificate, manually generate a new certificate, or install your own certificate.
Page 28: Default Settings
3.2.3 Default settings Tap Defaults to display the Operations Defaults page. Several different entry methods are used for the settings on this page, including direct data entry, sliders, radio buttons, and an Image Directory name builder area. As shown above, the Date + Time directory path element boxes have been selected (in that order), so therefore the image directory path is tx1_images/<Date+Time>.
Page 29 OpenText Tableau Forensic TX1 Imager The Advanced Logical Imaging Setup switch sets the mode of operation for the Logical Imaging setup screens. The default value is off, which provides a basic and easy-to-use search method for targeting forensically valuable information on a given source drive.
Page 30: User Management
3.2.4 User management In some forensic work environments, it may be desirable to set up distinct users with unique passwords to limit access to the available TX1 units. Also, with the addition of remote access capability, the ability to set user credentials has become a security requirement.
Page 31 OpenText Tableau Forensic TX1 Imager Tapping on any user in the list will show a User Management screen which contains all the available options for each user. The User Management screen for default User1 is shown below. On this screen, an administrator can change any user’s username and password, as well as set administrator rights, allow remote access, and enable auto login.
Page 32: Locking The System
To create a new user, simply tap the Create New User button at the bottom right of the Users list screen and enter the username and initial password for the new user and tap submit. A User Management screen will appear for the new user allowing complete user configuration (as shown in the screenshot above for User1).
Page 33: Updating Tx1 Firmware
OpenText Tableau Forensic TX1 Imager After entering the desired PIN, tap the Submit button in the lower right corner of the screen to begin the locking process. The system will prompt you for a second entry of the same PIN to confirm the desired digits have been entered. After verifying that both PINs match, the system will be locked.
Page 34 with version 7.32) can be used to save the TX1 firmware package file (.tx1_pkg) to any location available to your host system, which can then be made available to your TX1 to update its own SD card (without having to remove it from the unit). Finally, you can update the firmware remotely, using the web interface.
Page 35 OpenText Tableau Forensic TX1 Imager A browse screen appears that lists all mounted drives/shares. Tap on the desired drive/share and then use the Browse window to navigate to the folder that contains the TX1 firmware package file. Select the desired .tx1_pkg file, and then tap the Select button in the bottom right corner.
Page 36 The first step in a remote firmware update is to select the new TX1 firmware package file on your local computer. To initiate this, tap the SELECT FILE button in the Upload device firmware area. This will launch a file browser window on your host system, allowing you to navigate to and select the desired firmware package file.
Page 37: Media Utilities
OpenText Tableau Forensic TX1 Imager 3.3 Media utilities Accessible from the Sources, USB Accessories, or Destinations buttons at the bottom of the Home screen (and all locations that provide drive lists), TX1 provides the following media utilities: Content breakdown •...
Page 39 OpenText Tableau Forensic TX1 Imager To view the raw hex data for a given drive/partition, tap the View Hex button within the information box. A sample hex view window is shown below. Each row shows 16 bytes of hex data, along with each byte’s ASCII equivalent on the right side. The number with the plus sign to the left of each row represents the byte value offset from the start of the shown sector.
Page 40: Wiping Destination Or Accessory Drives
Filesystem elements show basic filesystem information (label, type, a free/used/total space) and a Browse button that opens TX1’s standard browse modal, as shown in the screenshot below. 3.3.2 Wiping destination or accessory drives The Wipe media utility provides three wipe types for destination and accessory drives. A summary of each wipe type is provided here, with more details in the table below.
Page 41 TX1’s control. From OpenText empirical testing over a large sample size of drives from different manufacturers, Secure Erase will reliably wipe drives in a very short period of time, but with a higher likelihood of a non-deterministic data state when complete, which makes reliable verification impossible.
Page 42 The screenshot below shows the wipe screen for an SSD that supports Sanitize. Note: Wiping drives results in sustained writing of the media, which can create abnormally high thermal operating conditions inside the drive. OpenText highly recommends using the TX1-S1 drive bay (which has active cooling) or an external drive cooler or fan when wiping media on TX1 to help prevent thermal damage to drives.
Page 43 OpenText Tableau Forensic TX1 Imager Option Description Overwrite - Multiple Pass TX1 performs three full write passes to the destination or accessory drive. The first pass writes zeros (0x0000) and the second pass writes ones (0xFFFF). When a custom data pattern is specified, it will be written only on the third pass.
Page 44 Option Description and any other space reserved by the drive’s internal controller. TX1 will force removal of any detected HPA/DCO/AMA configurations prior to starting a Sanitize – Block Erase wipe, except for USB connected media. TX1 cannot remove HPA/DCO/AMA configurations for USB connected media, which means Sanitize –...
Page 45 OpenText Tableau Forensic TX1 Imager conformant Sanitize commands. The Purge option is disabled if the Sanitize command is not supported by the drive. The screenshots below show examples of NIST Clear and NIST Purge compliant drive wipe setups. The following flowchart depicts how TX1 determines wipe setting conformity to NIST 800- 88 r1.
Page 46: Formatting Destination And Accessory Drives
3.3.3 Formatting destination and accessory drives To perform an image duplication to or save logs to a drive, you must format the destination or accessory drive with a file system that is recognizable by TX1. TX1 supports formatting destination drives in the following file system formats: exFAT, NTFS, EXT4, FAT32, or HFS+.
Page 47: Tableau Encryption Management
OpenText Tableau Forensic TX1 Imager Note: TX1 cannot format a destination drive with an APFS filesystem, though it can mount a previously formatted APFS volume on any connected drive (source, destination, or accessory port). 3.3.4 Tableau encryption management TX1 can encrypt destination and accessory drives using a password-based XTS-AES whole disk encryption.
Page 48: Encryption Unlock
The encryption password can be changed only on destination and accessory drives, as it requires a write modification to the encrypted header. OpenText is not able to recover lost passwords for TX1 encrypted media, so take appropriate steps to ensure you never lose your password.
Page 49 SEDUTIL function uses. Attempting to use a known password for such drives using TX1 will result in failed unlock attempts. Please contact OpenText Customer Support if you suspect you have run into such a situation. 3.3.5.2...
Page 50 Trusted Platform Module (TPM) methods secure a BitLocker encrypted drive with hardware-based interactions that are not supported by TX1. Unlike an Opal SED, a BitLocker drive can be physically imaged (e01, ex01, dd, dmg) or cloned in its encrypted state. Such evidence can then be used with forensic investigation tools such as EnCase Forensic to unencrypt and analyze the evidence.
Page 51: Disabling Drive Capacity Limiting Configurations
OpenText Tableau Forensic TX1 Imager APFS Bitlocker Opal Tableau Operation Locked Unlocked Locked Unlocked Locked Unlocked Locked Unlocked Physical Full drive Full drive Full drive Full drive n/a (no Full drive Full drive Only the Image/ will be will be...
Page 52 3.3.6.1 Volatile HPA removal HPA can be disabled without making a permanent modification to the drive. This is known as volatile, or temporary, removal of the HPA configuration. When a drive that has had its HPA removed in this manner is removed from TX1 (or is otherwise powered down) and then re-powered, it will always come back in its original state (with the original HPA configured and enabled).
Page 53 OpenText Tableau Forensic TX1 Imager The protocol information area shows the fact that no sectors are currently hidden, as • well as how many were exposed when the HPA was removed. TX1 never makes automatic changes to any drive capacity limiting configurations on destination drives.
Page 54 IDE drives with a DCO require special considerations with TX1. This is due to the fact that IDE drives are connected via the PCIe interface using a Tableau IDE Adapter (TDA7-5). DCO setting changes require power-cycling the drive which, for directly connected SATA drives, is done automatically by TX1.
Page 55: Blank Checking
OpenText Tableau Forensic TX1 Imager 3.3.7 Blank checking The Blank Check utility checks a drive for the presence of meaningful data. The following table provides Blank Check option details: Option Description Fast Quickly checks to determine if the drive appears to be blank by reading in and checking the sectors in the Master Boot Record, the Primary GPT, and the Secondary GPT.
Page 56: Browse Filesystem
may contain different repeating patterns. If any sector is found to not be blank, the drive is not considered blank, and the blank check will stop. Note: The Fast and Smart blank check options do not perform exhaustive checks of the entire drive.
Page 57: Smart Data
OpenText Tableau Forensic TX1 Imager the currently selected folder/file. Below that is the main browse window, which shows the complete filesystem tree including all folders/files contained on the drive or share. In the browser portion of the window, you can scroll up and down the list of folders/files and tap individual folders to drill down to the desired level to expose the names of individual files located on the drive.
Page 58: Export
3.3.10 Export This media utility allows the user to securely export any source, accessory, or destination drive as an iSCSI target. This makes the drive available to a remote user on any IP- based network (LAN/WAN/internet) via the Ethernet connection on the rear of TX1. During the export process, TX1 will assign a unique IQN (iSCSI Qualified Name) to each exported drive.
Page 60: Eject
Any exported drives can be un-exported by navigating to the iSCSI Export media utility for the drive and tapping on the Remove Export button in the lower right portion of the iSCSI Export screen. 3.3.11 Eject This media utility is provided to allow for safe ejection of attached drives. Ejecting a drive removes it from the system software in a safe manner and is recommended before unplugging any attached media from a powered TX1 and before powering down TX1 with drives attached.
Page 61: Connecting Drives
OpenText Tableau Forensic TX1 Imager 3.4 Connecting drives The following procedures provide the necessary steps for safely connecting drives to TX1. TX1 operates as a standalone device or with the TX1-S1 drive bay. To connect the drive bay, ensure TX1 is powered off, align TX1 into place on top of the drive bay, and slide it back to lock it into place.
Page 62: Accessory Drives
Note: The SATA/SAS destination DC OUT ports directly on TX1 are enabled even when a TX1-S1 Drive Bay is connected, allowing for easy connection of up to four SATA/SAS destination drives. Please refer to the specifications section of this user guide for information regarding maximum power configurations.
Page 63: Using Tx1
OpenText Tableau Forensic TX1 Imager TX1 can detect USB drives that expose a CDFS volume. This is a common configuration for proprietary self-encrypting drives. The small CDFS volume typically contains an application that can be run on a host computer system, which allows for entering credentials that will unlock the drive.
Page 64: Home Screen
4.1.1 Home screen • Duplicate Logical • Verify • • Hash Browse • • Restore • Sources, Accessory Drives, and Destinations View connected drive detail • • Access media utilities 4.1.2 Jobs screen Job summary list and job details/status • 4.1.3 Side navigation menu Home shortcut...
Page 65: Cloning
OpenText Tableau Forensic TX1 Imager 4.3.1 Cloning A clone, also known as a disk-to-disk duplication, makes an exact copy of the source drive to the destination drive(s). If a destination drive is not blank, TX1 displays a yellow warning to indicate that a clone will overwrite the contents of the destination drive.
Page 66: Performing A Duplication
Note: Use extreme caution when attempting to copy a source drive to a same size or smaller destination drive. Image file formatting adds overhead and, when coupled with incompressible data (such as encrypted data), a larger destination drive may be needed. 4.3.3 Performing a duplication To perform a duplication:...
Page 67 OpenText Tableau Forensic TX1 Imager 3. To modify or enter job notes, tap the 1 or Job Notes heading to expand the section. Tap a text box to modify or enter Name, Case ID, or Notes values and the virtual keyboard is displayed on the bottom half of the screen.
Page 68 Within a screen displaying a list of drives, you can tap the options icon located in the • right side of the drive tile to see more drive detail and access any available media utilities. TX1 also allows “shelving” of a DCO or AMA for source drives. When enabled for a given source drive, the Shelve DCO/AMA feature will, after the duplication job is started, disable the DCO/AMA, complete the acquisition of the entire source drive, and then attempt to reapply the original DCO/AMA setting back to the source drive.
Page 69 OpenText Tableau Forensic TX1 Imager 5. To change or add the destination drive(s) tap the 3 or Destination(s) heading. From the destination list modal that is displayed, select one or more drives from the list. For each selected destination drive, a Job type panel expands below the Drive tile.
Page 70 The Image option in the Job type panel will be disabled if the destination drive does not have a recognized filesystem. If an image destination is desired, format the destination drive by selecting the details option from the additional options menu (three vertical dots at the right side of the drive tile) or from the Destinations button on the Home screen.
Page 71 OpenText Tableau Forensic TX1 Imager Duplication/ Image Type Hash Type Options Notes MD5 and SHA-1 E01 format does not currently support SHA-256. MD5 and SHA-1 forced on together since E01 format cannot support SHA-1 alone, and it was decided to not allow MD5 alone to simplify setting configurations.
Page 72 7. If at least one destination Job type is image, then Step 5, Image Settings, is displayed as the last step. To change the image settings, tap the 5 or Image Settings heading. Image name defines the base filename for image segments. The default value is image.
Page 73 OpenText Tableau Forensic TX1 Imager 4.3.3.1 Files created during disk-to-file duplication When performing an image, TX1 creates files (sometimes called segments or chunks) on the destination drive that contain the data copied from the drive. Segments are written to the destination drive according to the following convention:...
Page 74: Using Automated Acquisition
duplication job setup. The default setting is Date and Time. See “Performing a duplication” on page 66 for more details. [filename] is the base image filename and is defined in “Imaging” on page 65 during duplication job setup. [filename] .001 (or .E01 or .Ex01) is the first segment or portion of the data copied from the source drive.
Page 75 OpenText Tableau Forensic TX1 Imager To set up Automated Acquisition mode: 1. From the Home screen, tap the Duplicate icon. The Duplicate job setup screen is displayed. The Information Company Copyright © 2022 Open Text. All rights reserved. Trademarks owned by Open Text.
Page 76 2. To modify or enter job notes, tap the 1 or Job Notes heading to expand the section. Tap a text box to modify or enter Name, Case ID, or Notes values and the virtual keyboard is displayed on the bottom half of the screen. If desired, you can also attach a USB keyboard to one of the front Accessory USB ports to make data entry easier.
Page 77 OpenText Tableau Forensic TX1 Imager capacity limiting configurations” on page 51 for more information regarding the Shelve AMA/DCO feature. 4. Your selection of Automated Acquisition mode will be confirmed by the automated acquisition icon in the left side of the drive tile turning green with a gray checkmark inside.
Page 78 5. To change or add the destination drive(s) tap the 3 or Destination(s) heading. From the destination list modal that is displayed, select one or more drives from the list. For each selected destination drive, a Job type panel expands below the Drive tile. Note: Make sure to select Image as the job type for each destination drive.
Page 79 OpenText Tableau Forensic TX1 Imager (three vertical dots at the right side of the drive tile) or from the Destinations button on the Home screen. To make a network share visible in the Source or Destination selection lists in a job setup screen, first add and mount the share from the Sources or Destinations buttons on the Main screen.
Page 80 Error retry defines the number of times TX1 will attempt to read sectors with errors before skipping the sector. Be careful when selecting a value of 10 or 100 as it will drastically increase the duplication time when imaging source drives with errors. 7.
Page 81 OpenText Tableau Forensic TX1 Imager If any source drives were previously connected to the system and the Acquire Currently Connected option was set in step 3 above, then a job will be started or queued for each of the connected drives.
Page 82: Duplication Over A Network
Automated Acquisition mode can be stopped by tapping the Cancel button on the right side of the Automated Acquisition job tile in the Jobs tab. Automated Acquisition job setup does not persist over a power cycle. 4.3.5 Duplication over a network The 10–gigabit Ethernet interface of TX1 enables superior network imaging performance when combined with a properly configured 10–gigabit network infrastructure setup and destination storage server such as a Storage Area Network (SAN) or Network Attached...
Page 83 OpenText Tableau Forensic TX1 Imager 2. Enter the IP address of the iSCSI server by tapping on the Address field. If needed, change the default iSCSI Port from 3260 to the port used by the iSCSI server. If needed, enter a Discovery Username and Discovery Password.
Page 84 3. Tap the Discover button to discover available iSCSI targets. If the discovery is successful, a list of available iSCSI targets will appear below. The Information Company Copyright © 2022 Open Text. All rights reserved. Trademarks owned by Open Text.
Page 85 OpenText Tableau Forensic TX1 Imager 4. Tap an iSCSI target and the iSCSI Login screen is displayed. If needed, enter a login username, password, and a nickname (optional). Tap the Login button to login and mount the iSCSI target. The Information Company...
Page 86 5. If the login is successful, you can optionally save the target as a Bookmark for convenient future access. To save a target as a bookmark tap the Save As Bookmark button under the iSCSI drive tile and enable or disable the desired Username and Password values to be saved.
Page 87 OpenText Tableau Forensic TX1 Imager 6. The target should now be listed in the Sources or Destinations drive list, depending on where you chose to mount it. The target can now be accessed like a normal drive for Duplication as a source (if mounted as a source), Duplication as a destination (if mounted as a destination), Hash (as a source), Verify (as a destination), and some media utilities.
Page 88 4.3.5.2 Adding a CIFS share To add a CIFS share as a source or destination: 1. Tap the Sources or Destinations button at the bottom of the Home screen. Then tap the orange plus button in the upper right corner of the drive list and tap Mount CIFS Share to display the mounting screen.
Page 89 OpenText Tableau Forensic TX1 Imager 2. Enter the IP address of an available server and select Next or tap List Servers to select from a list of available servers on the network. Note: In Static IP setting cases or on networks with no domain name server (DNS), it is still possible to use a server’s computer name to specify the share to mount.
Page 90 3. Enter a share name for the server listed in the status summary and select Next or tap List Shares to select from a list of available shares. The Information Company Copyright © 2022 Open Text. All rights reserved. Trademarks owned by Open Text.
Page 91 OpenText Tableau Forensic TX1 Imager 4. If you chose to use the List Shares feature, a list of available shares will be displayed with the currently connected shares identified by a grayed-out tile with a green check mark on the left. Tap the Show Hidden Shares slider to view default admin/hidden shares in the share list.
Page 92 5. Enter a nickname for this CIFS share (optional) and enter a login username and password (if required). Choose the SMB Version and enable SMB 3.0 encryption (if desired), then tap the Mount button to login and mount the CIFS share. Note: Due to network security concerns, TX1 no longer supports SMB 1.0 as a mounting option for CIFS shares.
Page 93 OpenText Tableau Forensic TX1 Imager 6. The CIFS share should now be listed in the Sources or Destinations drive list, depending on where you chose to mount it. To save a share as a bookmark tap the Save As Bookmark button under the CIFS drive tile, enable or disable the desired Username and Password values to be saved, and then tap the Save as Bookmark button.
Page 94: Pausing And Resuming A Duplication Job
7. The bookmark is now saved (if selected). The share can now be accessed like any mounted filesystem for logical acquisition as a source (if mounted as a source), as a destination for physical and logical image files (if mounted as a destination), Verify (as a destination), Restore (as a source or destination), and some media utilities.
Page 95 OpenText Tableau Forensic TX1 Imager To pause a running duplication job, locate the desired job in the Active Jobs area of the Jobs tab, simply tap its Pause button , and confirm the desire to pause the job. The job will be moved to the Recent area with a status of Paused, as shown below.
Page 96 In addition to manually initiated pause and resume, TX1 supports power loss situations as well. For the supported job types (e01, ex01, dd, dmg), if power is unexpectedly lost during an imaging job, it can be resumed after power is restored and the system is booted up.
Page 97 OpenText Tableau Forensic TX1 Imager 1. From the Home screen, navigate to the side navigation menu (available by tapping the menu icon at the top left of the Home screen). The Information Company Copyright © 2022 Open Text. All rights reserved. Trademarks owned by Open Text.
Page 99 OpenText Tableau Forensic TX1 Imager 3. Find the desired paused job log (Paused status on the right, with the appropriate job start date and time shown) and tap on that log list entry to display the Log Details screen for that job log.
Page 100 4. Review the log details to confirm this is the job that was running when power was lost that you intend to resume. Note that logs for completed jobs that experienced a power loss event will have a message at the top of the log indicating *** POSSIBLE POWER LOSS EVENT DETECTED ***.
Page 101 OpenText Tableau Forensic TX1 Imager log to indicate the date and time of the event. When unexpected power loss is the cause of the pause, there is no time for the system to log the pause time before shutting down, so that information is unavailable and thus not included in the log.
Page 102: Hashing
4.4 Hashing Forensic practitioners may need to calculate the hash values, or fingerprints, for a source drive without making a copy of the drive. The Hash function can generate MD5, SHA-1, and SHA-256 hash values for a source drive. You can use up to two different hash algorithms in one operation.
Page 103 OpenText Tableau Forensic TX1 Imager 2. Enter Job Notes and select a Source drive. 3. Select a Sector Range for the hash. The default settings will always provide a full drive hash, but certain situations (such as a failing source drive with bad sectors) could benefit from a partial drive hash.
Page 104 2. Manually enter the specific start and end sector numbers. Again, if you do not define a custom Sector Range, the entire drive will be hashed. After verifying the hash settings, tap the Start Hash button at the bottom of the screen. The Information Company Copyright ©...
Page 105: Logical Imaging
OpenText Tableau Forensic TX1 Imager 4. To cancel the hash operation, close the Job Status screen by tapping the X in the upper right corner, and then tap the Cancel button from the Active Jobs area at the top of the Jobs summary screen.
Page 106: Performing A Logical Image Acquisition
rapid acquisition of source file data, providing TX1 users the ability to balance thoroughness with acquisition time and effort for the demands of a given case. The logical imaging function can be configured to create logical evidence files (lx01 format) and/or metadata lists (comma separated value csv format). The industry standard lx01 logical evidence file format can be used with a variety of post-acquisition forensic analysis software tools, such as industry leading EnCase.
Page 107 OpenText Tableau Forensic TX1 Imager 2. From the Home screen, tap the Logical icon. The Logical Image job setup screen will be displayed, as shown below. The job setup screen is organized in a natural workflow from top to bottom, but the steps and settings can be accessed in any order.
Page 108 3. To modify or enter job notes, tap the 1 or Job Notes heading to expand the section. Tap a text box to modify or enter Examiner name, Case ID, or notes values and the virtual keyboard is displayed on the bottom half of the screen. If desired, you can also attach a USB keyboard to one of the front Accessory USB ports.
Page 109 OpenText Tableau Forensic TX1 Imager Note: Within any screen displaying a list of drives, you can tap the options icon (three vertical dots) located on the right side of the drive tile to see more drive detail and access any available media utilities.
Page 110 5. The next step is to determine which files and folders should be acquired. Start this process by tapping the 3 or Files to Acquire heading in the job setup stepper (resulting in the screen shown below). The default setting is to acquire all files and folders.
Page 111 OpenText Tableau Forensic TX1 Imager “Advanced logical imaging setup” on page 125 for details on the optional Advanced mode search. Regardless of whether you are including items in an empty dataset or excluding items from a full dataset, the same setup style is used to limit what is acquired, as covered in detail below.
Page 112 Individual files and/or folders can be manually selected simply by clicking on the orange box to the left of the desired item. In the example above, we have chosen to include /Users/BadGuy/Documents, /Users/BadGuy/Downloads, and Users/Default. Note the following items related to manual file/folder selection in this browse modal: •...
Page 113 OpenText Tableau Forensic TX1 Imager (up to four) and the selected filesystem tile will show in green, with a checkbox added to its parent drive tile. Selecting a filesystem will also open a drawer under the filesystem tile, which shows the options for logical imaging destinations, as follows: Job type: This allows selection of the desired output files types.
Page 114 Destination drives with no recognized filesystems are grayed out, with a warning message stating no filesystem is available. Such a drive can be formatted through the media utilities available on the drive details screen, which can be accessed by tapping the additional options menu (three vertical dots) at the right side of the drive tile, or from the Destinations button on the Home screen.
Page 115 OpenText Tableau Forensic TX1 Imager 8. To change the job settings, tap the 5 or Settings heading. Select the desired Hash type for the logical image job - MD5 and/or SHA-1. Note that hash values for source files will be calculated based on the chosen hash settings, even if no lx01 outputs are requested.
Page 116 indicate the error condition, which enables forensic analysis tools such as EnCase to indicate an error for the affected file(s). The default output Image name is shown and can be changed by tapping the field and typing in the desired name. The default image File size is shown and can be changed by tapping the desired size.
Page 117: Include/Exclude Criteria
OpenText Tableau Forensic TX1 Imager 9. Once you are satisfied with all the logical image job settings, tap the Start Logical Image button. 4.5.2 Include/exclude criteria From the main Files to Acquire window, searches can be added that will allow for targeted acquisition of specific file/directory criteria.
Page 118 Searches within a given job setup can be a mix of new and saved searches. Simply • tap the desired search entry method at the bottom of the last search criteria box (Add New Search or Add Saved Search) to add another search to the job. •...
Page 119 OpenText Tableau Forensic TX1 Imager Define what to include in the top selection box, our initial acquisition dataset is empty. Any configured searches will potentially add to that empty acquisition dataset. The file search options are covered in detail in the following sections. Before getting into...
Page 120 The following file type search parameters are available: • Archives • Databases Documents • • Emails Multimedia • Pictures • Custom • Each type other than Custom has a predefined list of extensions known to be associated with that type of file. The lists can be seen by tapping the blue help button (circle with question mark) to the right of the file type parameter field.
Page 121 OpenText Tableau Forensic TX1 Imager Wildcard Matching Rule Examples Character Matches any number of Law* any characters (including none). Matches: Law, Laws, Lawyer Does not match: NoLaw, La, aw *Law* Matches: Law, NoLaw, Lawyer Does not match: La, aw Matches any single character.
Page 122 4.5.2.3 Folder The Folder search parameter restricts the search to apply only to a specific folder or kinds of folders. The following folder search parameters are available: User Folders • • Operating System Folders • Non-Operating System Folders Custom Folder •...
Page 123: About The Logical Imaging Process
OpenText Tableau Forensic TX1 Imager 4.5.2.5 File date The File Date search parameter restricts the search to apply to only files in timestamp ranges, as follows: File Dates >= • • File Dates <= • File Dates in Range File Dates >= lets you specify a date and only match files with one or more timestamps on or after the given date.
Page 124 This status screen is similar to other TX1 job types, with the following notable differences: While the operation is scanning for more files to acquire, the progress bar is • displayed as an indeterminate bar (throbbing/pulsing bar with no data rate displayed). TX1 does not know how many bytes it needs to acquire until the scan is complete.
Page 125 OpenText Tableau Forensic TX1 Imager non-matching values in the Matched and Imaged fields on the Job Status screen at the end of the job and errors noted in the job’s metadata file. If you suspect drive/filesystem read errors during a logical imaging job, we recommend that you clone or physically image the drive (e01, ex01, dd, dmg) instead of trying to do a logical image.
Page 126 additional features are used, TX1 behaves the same as Basic mode except for minor changes to log text. Per Search Include/Exclude switches In Basic Logical Imaging Setup mode, all searches either include files or all searches exclude files. With Advanced Logical Imaging Setup, this can optionally be modified on a per search basis.
Page 127: File Extensions
OpenText Tableau Forensic TX1 Imager 4.5.4 File extensions During logical imaging, TX1 can search for file types with any of the following extensions. File Type File Extension Archives “7z”, “7zip” “zom”, “apk”, “xxe”, “uug”, “mim”, “tz”, “arj”, “zsm”, “zze”, “boo”, “bkp”, “bak”, “sav”, “bac”, “ful”, “bag”, “zso”, “bplist”, “bhx”, “mhk”, “bz”, “bz2”, “ckit”, “boz”, “ish”,...
Page 128: Folders
File Type File Extension Multimedia “bnk”, “rol”, “amr”, “amf”, “aif”, “aiff”, “avr”, “cda”, “aifc”, “cdm”, “idf”, “aac”, “pcm”, “ra”, “ram”, “wav”, “wma”, “zad”, “asf”, “awm”, “awa”, “divx”, “vob”, “f4p”, “f4v”, “swf”, “dvr- ms”, “mp4”, “asr”, “3g2”, “wm”, “wmv”, “filmstrip”, “flc”, “m4r”, “m4p”, “qtm”, “ic1”, “ic2”, “ic3”, “snd”, “avi”, “voc”, “dvm”, “flv”, “lza”, “mmm”, “mp3”, “m3d”, “mpg”, “mpeg”, “mps”, “mpv”, “mpa”, “mp2”, “13”, “m1s”, “m1v”, “m1a”,...
Page 129: Source File Metadata
OpenText Tableau Forensic TX1 Imager Folder Type Folder Name Operating System Folders “/Windows/”, “/WinNT/”, “/System/”, “/Program Files/”, “/Program Files (x86)/”, “/ProgramData/”, “/Applications/”, “/bin/”, “/dev/”, “/etc/”, “/sbin/”, “/usr/”, “/boot/”, “/lib/”, “/proc/”, “/sys/”, “/unix/” 4.5.6 Source file metadata Logical imaging with TX1 includes source file metadata in the csv output file.
Page 130: Verifying
Column Content File Status OK if there were no problems reading file data/metadata. ERRORS if there were errors reading file data and/or metadata. This field is empty for directories. Matched Rules “Y” if the file matched the acquisition’s rules for inclusion.
Page 132 3. Select a Packed log file. Browse the destination and locate an existing TX1 packed log file. Note: The packed log files will always appear at the top of the file list in a given source folder when browsing. This provides easy access to these types of files in situations where there are many segment files.
Page 133 OpenText Tableau Forensic TX1 Imager 4. Tap the Start Verification button at the bottom of the screen. The Information Company Copyright © 2022 Open Text. All rights reserved. Trademarks owned by Open Text.
Page 134: Browsing
The verification process begins. A Job Status modal displays the verification status. 5. To cancel the Verify operation, tap the Cancel button from the Jobs summary screen. When the Verify operation is complete, the results are displayed on a final Job Status screen.
Page 135: Viewing Text And Image Files
OpenText Tableau Forensic TX1 Imager In the browser portion of the window, you can scroll up and down the list of folders/files and tap individual folders to drill down to the desired level to expose the names of individual files located on the drive. The size of each file is shown at the end of the filename.
Page 136 TX1-generated packed log files (extension “tx1_packed_log”) can also be viewed directly on TX1. These files are used as input for Restore and Verify jobs. Being able to view these files before starting one of those jobs can help ensure the desired file is selected. Note: Viewing large text files (larger than 256 KB) results in undesirable screen update effects while scrolling through the file on TX1.
Page 137: Restoring
OpenText Tableau Forensic TX1 Imager view these HTML logs in their styled format, please use the Logs menu item on the side navigation bar. 4.8 Restoring The Restore function allows for recreation of the original drive format from a previously created TX1 image file.
Page 138 3. Enter Job notes, select a Source drive, and then select a Packed log file by browsing the source and selecting the appropriate TX1 packed log file. The Information Company Copyright © 2022 Open Text. All rights reserved. Trademarks owned by Open Text.
Page 139 OpenText Tableau Forensic TX1 Imager Note: The packed log files will always appear at the top of the file list in a given source folder when browsing. This provides easy access to these types of files in situations where there are many segment files.
Page 140 5. If desired, enable read-back verification. This will read the entire destination drive back after the Restore job is complete, calculate a read-back hash value, and compare that value with the original image file acquisition hash. The Information Company Copyright © 2022 Open Text. All rights reserved. Trademarks owned by Open Text.
Page 141 OpenText Tableau Forensic TX1 Imager 6. Tap the Start Restore button at the bottom of the screen. A Job Status modal is displayed. To cancel the Restore operation, tap the Cancel button from the Jobs summary screen. When the Restore operation completes, the results are displayed on-screen. The log for the completed job can be viewed by tapping on the View Log link on the right side of the top Job Status screen header or through the side navigation menu.
Page 142: Viewing Sources And Destinations
4.9 Viewing sources and destinations Tap the Sources or Destinations button on the Home screen to display the list of connected drives. The Information Company Copyright © 2022 Open Text. All rights reserved. Trademarks owned by Open Text.
Page 143 OpenText Tableau Forensic TX1 Imager Tap a drive row to view the drive details, to access Media Utilities, or tap the options icon located on the right side of the drive row to view more options. The Information Company Copyright © 2022 Open Text. All rights reserved. Trademarks owned by Open Text.
Page 144 The top blue section of the drive details screen displays the physical drive interface as well as the drive model, serial number, and size. Note: Partition read errors appear in the top blue section. When such errors are detected, the drive can be physically imaged to allow further analysis in a higher-level forensic tool such as EnCase Forensic.
Page 145 OpenText Tableau Forensic TX1 Imager In the Drive Utilization area, if the drive has one or more filesystems, tap the Entire drive menu to display a list of filesystems. Select a filesystem to display In use and Free utilization information. Note that changing this selection from Entire drive to one of the detected filesystems only changes the utilization information displayed in this specific sub-area of this screen.
Page 146: Encryption Detection
started upon source drive connection. The screenshot below shows an example of this new acquisition indication method. Note: The green checkmark that indicates a given drive has been successfully acquired will persist in the user interface until TX1 is power-cycled, at which time no drives will indicate they were acquired (despite the fact that they may have been in a previous TX1 session).
Page 147 OpenText Tableau Forensic TX1 Imager GuardianEdge Encryption (Plus, Anywhere, Hard Disk Encryption) • LUKS • McAfee Drive Encryption (SafeBoot) • Opal • • Sophos Safeguard (Enterprise and Easy/Ultimaco) Symantec Endpoint Encryption • • Symantec PGP Disk • WinMagic SecureDoc Full Disk Encryption...
Page 148 The sample screenshots below show the various places where encryption detection information appears. These examples reflect a drive with multiple partitions, with only one of them having BitLocker encryption. The Information Company Copyright © 2022 Open Text. All rights reserved. Trademarks owned by Open Text.
Page 149 OpenText Tableau Forensic TX1 Imager 4.9.1.1 Opal encryption Opal encryption is a unique, hardware-based encryption method that is managed by the controller on the drive with only minimal host system interaction. Opal is an industry standard created by the Trusted Computing Group (TCG) consortium that defines, among other things, the interface protocol to these types of hardware encrypted drives.
Page 150 See “Encryption unlock” on page 48 for information related to unlocking Opal SEDs. Note that Opal drives that have not had their encryption enabled will behave as regular, non-encrypted drives. Note: Docking station type devices that have Opal drives in them must support ATA command pass-through for TX1 to properly detect the presence of Opal encryption and allow it to be unlocked.
Page 151: Raid Detection
OpenText Tableau Forensic TX1 Imager nuanced Core Storage configurations exist that would prevent unequivocal FileVault 2 detection. In those cases, TX1 will revert to a warning message that indicates Core Storage has been detected and that FileVault 2 is possible.
Page 152 Highpoint (HPT37X HPT45X) • Intel Software RAID • JMicron JMB36x • LSI Logic MegaRAID • • NVidia NForce Promise FastTrack • • Silicon Image Medley • VIA Software RAID RAID detection information is always shown in the drive tile for a given drive, regardless of the viewing location within the user interface and what type of RAID is detected.
Page 153 OpenText Tableau Forensic TX1 Imager The sample screenshots below show how two different types of RAID drives are shown in the Sources drive list and the Drive Details screens. The Information Company Copyright © 2022 Open Text. All rights reserved. Trademarks owned by Open Text.
Page 154: Logs Module
4.10 Logs module TX1 generates a detailed log for all forensic jobs and most media utility operations. The detailed information captured in the logs will depend on the job type. A summary of the information captured for an image-based duplication job is shown below. See the sample logs at the end of this section for some specific job log examples.
Page 155 OpenText Tableau Forensic TX1 Imager Image Destination – Destination drive details, including readback verification hash • values (if enabled for the job), overall drive information (interface type, make/model number, firmware version, serial number, HPA/DCO/AMA related information, RAID and encryption information, size/layout information, and the partition table type), partition details, and filesystem specific information.
Page 156 Before showing some specific sample logs later in this section, let us cover the basic log management options available from the bottom of the log details screen. Resume Job – If highlighted (orange), then the job is resumable. See “Pausing and •...
Page 157: Html Logs
OpenText Tableau Forensic TX1 Imager 4.10.1 HTML logs TX1 will store forensic logs in both text and HTML file formats, in the same location as the forensic image files for a given job. While the core forensic information is the same between the two formats, HTML allows for styling and organization of the log data, such as bolding, coloring, and grouping items into collapsible sections.
Page 158 4.10.2.1 Log 1 -------------------------Start of TX1 Log Entry------------------------- Task: Disk Duplication Status: Ok Created: Thu Apr 7 11:09:56 2022 (UTC-0500) Started: Thu Apr 7 11:09:56 2022 (UTC-0500) Closed: Thu Apr 7 11:27:39 2022 (UTC-0500) Elapsed: 18 min Username: User1 Examiner: Hawkshaw Case ID: 537 ONN Case Notes:...
Page 159 OpenText Tableau Forensic TX1 Imager --------------------------------Imaging--------------------------------- Automated Job: No Output file format: Ex01 Chunk size in bytes: 0 (0 bytes) ---------------------------Image Destination---------------------------- Interface: SATA Port: SATA/SAS 2 Model: ATA ST3000DM001-1CH166 Firmware revision: CC43 Serial number: S1F0WNPD SCSI LUN: 0 Capacity in bytes: 3,000,592,982,016 (3.0 TB)
Page 160 4.10.2.2 Log 2 -------------------------Start of TX1 Log Entry------------------------- *** CAUTION: THE OPERATION RECORDED IN THIS LOG DID NOT COMPLETE NORMALLY Task: Image Readback Verification Status: Error/Failed Created: Thu Apr 7 11:27:59 2022 (UTC-0500) Started: Thu Apr 7 11:27:59 2022 (UTC-0500) Failed: Thu Apr 7 11:28:26 2022 (UTC-0500) Destination unreadable - 0xfb1ecc28838d027a...
Page 161 OpenText Tableau Forensic TX1 Imager There are three encryption related lines in a log for each drive that was part of the job, as follows: Opal Encryption: This section of the log has two sub-fields: Supported (Yes/No) • and Locked (Yes/No).
Page 162: Filtering Logs
4.10.3 Filtering logs TX1 can store up to 100 forensic logs. To make it easier to view, export, and delete specific logs of interest, a Filter Logs feature has been provided. To filter the log list, simply tap the log filter icon at the bottom left side of the log list screen.
Page 163: Remote Web Interface
OpenText Tableau Forensic TX1 Imager Once the desired filter parameters are set, simply close the Filter Logs window to see the list of logs that match your chosen parameters. The number of logs that matched your filter parameters is shown next to the filter icon in the bottom of the log list window. This subset of logs can be viewed on the unit, exported to external media, or deleted.
Page 164: Ssl Certificate Setup And Installation
Locking the system (PIN lock) from any location (local or any remote user instance) • will lock all the active screens. 4.11.1 SSL certificate setup and installation TX1 uses SSL certificates to ensure secure communication during remote sessions. By default, TX1 generates a new self-signed certificate on power up if one does not already exist on the system.
Page 165 OpenText Tableau Forensic TX1 Imager 2. Scroll to the bottom of the screen. 3. You have two options: To create a new self-signed certificate: • 1. Tap Generate New Cert. A warning modal appears asking you to confirm generation of a new self-signed SSL certificate and system reboot.
Page 166: Accessing Tx1 Remotely
Once you install your own certificate, TX1 will retain it in the event of reboot or power disruption. Manually generating a TX1 self-signed certificate will overwrite your own certificate and return TX1 to the default state of generating a new self-signed certificate upon annual expiration. Note: TX1 remote user interface has been validated for use with the following web browsers: Chrome (v86.0.4240.75), Firefox (v81.0.2), and Safari (v13.2.1).
Page 167 OpenText Tableau Forensic TX1 Imager 2. Connect TX1 to your local area network with an Ethernet cable. 3. Obtain the assigned IP address from the side navigation menu, as shown below. 4. Open a web browser of your choice on a computer/device that is connected to the same local area network as TX1, type TX1’s IP address (or hostname) into the...
Page 168 Note: The SSL certificate will show as invalid for TX1 at this time. An exception will need to be made to view the remote user interface. The Information Company Copyright © 2022 Open Text. All rights reserved. Trademarks owned by Open Text.
Page 169: Adapters
OpenText Tableau Forensic TX1 Imager 5. Enter the username and password, and the TX1 user interface should appear in your browser, as shown below. Note: If any TX1 units in your network environment have a custom hostname defined (in the Network Settings screen), that hostname will be displayed in the browser tab when the unit is accessed remotely.
Page 170: Pcie Ssd Adapters
drive, adapter, or TX1. TX1 must be powered down before removing the drive from any Tableau PCIe adapter or removing a PCIe drive/adapter from the TX1 PCIe port. 5.1 PCIe SSD adapters Tableau PCIe SSD adapters enable the acquisition of PCIe based SSDs of various types via TX1’s PCIE source port.
Page 171: Pcie Firewire Adapter (Tda7-9)
OpenText Tableau Forensic TX1 Imager 3. Power on TX1. 4. The Sources drive counter will increment by one to let you know your IDE drive is connected. Tap the Sources tab to view IDE drive details. 5.3 PCIe FireWire adapter (TDA7–9) The PCIe FireWire adapter (TDA7-9) enables the acquisition of FireWire drives via the TX1’s PCIe source port.
Page 172: Usb-C To Usb-A Adapter Cable
Note: Beginning in December, 2017, some Apple devices started using a new secure enclave interface to their integrated SSDs, which has created challenges for forensic examiners. The core of the secure enclave interface is the T2 chip, which sits between the internal memory devices and anything that needs access to that memory.
Page 173: Thunderbolt 2 Adapter Cable
OpenText Tableau Forensic TX1 Imager 5.4.3 Thunderbolt 2 adapter cable Adapting from a Thunderbolt 2 connector on a Mac to TX1 requires two separate adapters/cables. A Thunderbolt 2 to FireWire 800 (9-pin) adapter is used along with the same FireWire 800 (9-pin to 9-pin) cable shown above to connect between the Thunderbolt 2 port on the Macintosh and the TX1 FireWire 800 port.
Page 174 PCIe One PCIe (10 GBPS) adapter connector Drive Power Two 3M-style 4-pin power connectors for SATA/SAS drive power Connectors: Destination Side SATA/SAS Two SATA/SAS (6 GBPS) signal connectors One USB 3.1 Gen 1 (5 GBPS) Standard-A connector TX1-S1 One TX1-S1 (Two SATA/SAS 6 GBPS) signal connector Drive Power Two 3M-style 4-pin power connectors for SATA/SAS drive power Connectors: Miscellaneous...
Page 175: Troubleshooting Common Problems
OpenText Tableau Forensic TX1 Imager Dimensions 9.5 in. (L) x 6.5 in. (W) x 2.625 in. (H) Weight 35 oz (980 g) Storage -20 to 70° Celsius Temperature Range Operating 0 to 40° Celsius ambient (room temperature) Temperature Range Relative...
Page 176: Thermal Issues
This includes the inlet vents on both sides of the unit and the fan outlet vent in the rear. If there are no obstructions to these airflow vents, then please contact OpenText Customer Support at your earliest convenience for further guidance.
Page 177: Problems Detecting Apple Devices In Target Disk Mode
(https://security.opentext.com/tableau/download-center) to see if any firmware updates are available for TX1. If there are no firmware updates available to resolve your detection issue, please contact your Tableau reseller or OpenText Customer Support to report your issue or ask for further assistance. 6.2.4...
Page 178 connections are not uncommon. The table below lists the most common issues seen when trying to mount and acquire an Apple computer in TDM. Problem Corrective Action No detection on TX1; Apple Pressing the “T” key on the keyboard during bootup is how computer boots to normal Apple computers are put into target disk mode.
Page 179: Long Time To Complete Locally Initiated Firmware Update
Customer Support for resolution options. Note that the original SD cards are easy to identify as they have the Guidance Software “G” logo in the bottom right corner of the label. New SD cards have the OpenText logo. 6.2.6 Real-time clock data retention issue Under normal operating conditions, the real-time clock on your TX1 should retain the time and date settings for the life of the product.
Page 180: About Opentext
About OpenText OpenText enables the digital world, creating a better way for organizations to work with information, on-premises or in the cloud. For more information about OpenText (NASDAQ/TSX: OTEX), visit opentext.com. Connect with us: OpenText CEO Mark Barrenechea’s blog Twitter...

OPENTEXT Tableau TX1 User Manual

Quick Links

Troubleshooting

Need help?

Questions and answers

Related Manuals for OPENTEXT Tableau TX1

Summary of Contents for OPENTEXT Tableau TX1

Table of Contents