Welcome to Logicube’s tutorial on the Forensic Falcon NEO. In this episode, we’ll show you how to perform a logical image.

The logical imaging feature of Falcon NEO shortens the evidence collection process by allowing investigators to select and acquire only the specific files they need, rather than the entire physical drive. Users can create logical images from source drives locally attached to the Falcon NEO, or from a network repository.

To perform a logical image, we’ll choose the Mode icon and select ‘File to File’. Choose the source drive – we’ll choose S1 – and then choose the Settings icon. Under the Settings icon you can add case information by clicking on the Case Info icon. So you can add a case filename, case ID, examiner, case notes, whatever you like.

Then we’re going to select the Root Directory icon. In this screen, the top-level directory can be set…