Image MASSter Solo2 Forensics Professional
by Robert Schifreen
FOR
Good support for multiple operating systems; can grab PC, Mac and
Unix drive contents; lots of peripherals available.
AGAINST
Poor user interface; poor documentation.
VERDICT
Of very limited appeal in a corporate environment. May be of
interest to computer crime units in police forces.
Image MASSter Solo2 Forensics, of which this review covers the
Professional version, is a hand-held unit designed to help investigators
seize copies of the hard disk of a suspect PC.
The bulk of the machine is an empty cavity, into which you start by
installing a hard drive of your choice. Through the various connectors on
the outside of the machine (IDE, SCSI, Centronics, PC Card) you can then
copy an image of a suspect drive to the device. Having done so, you then
return to your office and analyze it. You can either do this by plugging
the drive into your desktop PC, or there's an option to reverse the
direction of the seizure and thus squirt the contents of the evidence
drive onto your own PC. It'll even write to a CD-R drive directly, and
span large drives across multiple disks.
An optional printer lets you keep a record of jobs done, as proof that
a full image of a particular drive (the drive's serial number is included)
was taken and verified on a particular date. All of which, on paper at
least, makes the Image MASSter sound like quite a useful addition to a
forensic investigator's kit. Especially when you also realize that the
thing is operating system independent and will just as happily grab images
from the drive in a PC, Mac or Unix box. Sadly, though, the more you use
the device, the more you realize that it is only of limited use and doesn’t
quite live up to the promises made by its promotional material.
Let's start with the attention to detail, or rather the lack of it. The
printed manual supplied with the device is poorly organized and confusing.
It refers to the evidence drive, the copy drive, the internal drive and
the target drive, all of which turn out to be the same thing. Nowhere in
the manual is it explained how to open the case in order to install the
hard drive, and it took me a while to find the hidden catch. When you're
finally inside, there are connectors for either a full-size or laptop IDE
drive.
ICS really goes to town in the way it includes all the accessories you
might need. There are screwdrivers and torches, for example, for poking
around inside a suspect PC in order to connect one of the myriad of
supplied cables between the suspect's drive and the Image MASSter. A write
blocker device is included, to ensure that the suspect machine doesn't
write to its own drive while booting and thus destroy evidence. Just about
the only things missing are the two most important: an empty evidence
drive and a mains power cable.
If you'd rather not poke about in PC cases you can simply connect the
supplied Centronics cable between the unit and the suspect PC, then boot
off the supplied floppy in order to take an image. Except that it's not
actually quite that simple. The so-called bootable floppy isn't bootable,
presumably because that would require an MS-DOS license payment to
Microsoft. So the first thing you need to do is a SYS A: command. Not only
does this look shoddy, but it means that the master diskette needs to ship
in a write-enabled state. Which goes against just about every anti-virus
precaution that I can think of. As, of course, does changing the BIOS
options in order to force the PC to boot from a floppy in the first place.
Neither is there an AUTOEXEC.BAT file on the floppy, so you have to type
commands manually once it's booted in order to start communications
between the suspect PC and the Image MASSter.
Image MASSter's internal software is flash-upgradeable via yet another
supplied cable. To perform any operation you have to tunnel down into the
menus, choosing your settings as you go, then back out to the main menu
before hitting ‘Go’ to start the procedure. In addition, wiping the
evidence drive is achieved by setting the Copy mode option to Wipe. Since
when is wiping a form of copying?
I'm sure the Image MASSter has its uses within law enforcement, but it
is not in my opinion suitable for the corporate market.