My Forensic Collection SSD (Samsung T7) Setup

Samsung T7 SSD

This is my personal, 100% free forensic collection SSD setup — built for speed, reliability, and dual-boot compatibility. Feel free to copy or improve it!

Any fast USB-C SSD ≥1 TB works. I just happened to have a T7.

Required Free Tools

DumpIt – Magnet Forensics
EDD – Magnet Forensics
KAPE – SANS / Eric Zimmerman
FTK Imager – Exterro

Goal: Dual-Partition Layout

Partition 1 → NTFS (Windows tools + case folders)
Partition 2 → EXT4 (Linux tools / persistence)

Step-by-Step Partitioning Guide

1. Plug in drive and identify device name

lsblk

lsblk output showing the T7 as /dev/sda

2. Unmount the drive from the system

(Replace sda1 with whatever partitions are currently mounted)

umount /dev/sda1
umount /dev/sda2   # if it exists

3. Launch gdisk on the correct device

gdisk /dev/sda

4. Delete any existing partitions

o → deletes all partitions and creates new MBR
w → writes to GPT. (write and save)

o w

Deleting existing partition

5. Create first partition — NTFS (Windows side)

n → create new partition
1 → partition number 1
<enter> → default first sector
+500G → size (adjust as needed)
0700 → Microsoft basic data (NTFS)

n
1
<enter>
+500G
0700

Creating NTFS partition

6. Create second partition — EXT4 (Linux side)

n → new partition
2 → partition number 2
<enter> → start after previous
<enter> → use rest of disk
8300 → Linux filesystem

n
2
<enter>
<enter>
8300

Creating EXT4 partition

7. Write and save the new partition table

w → write changes to disk and exit

Writing partition table

8. Format the partitions

NTFS partition:

mkfs.ntfs -f -L TOOLKIT_NTFS /dev/sda1

EXT4 partition:

mkfs.ext4 -L TOOLKIT_LINUX /dev/sda2

Formatting both partitions

9. Final verification

lsblk -f

Final lsblk showing both NTFS and EXT4

Recommended Folder Structure (NTFS side)

Final folder layout

Final folder layout

Final folder layout

1-Memory → DumpIt.exe
2-Encryption → EDDv310.exe
3-Disk → KAPE, FTK Imager, etc.
Cases → All evidence goes here
Tools → Extra utilities

Download & Install Tools (After Partitioning)

1. Download DumpIt (Memory Acquisition)

https://www.magnetforensics.com/resources/magnet-dumpit-for-windows/

Fill in form → get email with download link
Download ZIP → extract → place DumpIt.exe in 1-Memory/

DumpIt.exe in 1-Memory folder

DumpIt.exe in 1-Memory folder

DumpIt.exe in 1-Memory folder

DumpIt.exe in 1-Memory folder

2. Download EDD (Encrypted Disk Detector)

https://www.magnetforensics.com/resources/encrypted-disk-detector/

Fill in form → get email
Download ZIP → extract → place EDDV310.exe in 2-Encryption/

EDD in 2-Encryption folder

EDD in 2-Encryption folder

EDD in 2-Encryption folder

3. Download KAPE (Triage Collection)

https://www.sans.org/tools/kape

Fill in form → get email
Download ZIP → extract entire folder to 3-Disk/KAPE/

KAPE folder in 3-Disk

KAPE folder in 3-Disk

KAPE folder in 3-Disk

4. Download FTK Imager

https://www.exterro.com/ftk-product-downloads/ftk-imager-pro-8-2-0-26

Download installer
Run installer → install to 3-Disk/FTK Imager/

FTK Imager installed in 3-Disk

FTK Imager installed in 3-Disk

FTK Imager installed in 3-Disk

Done!

Your forensic collection SSD is now fully configured and ready for field use.

See it in action in my Windows DFIR TTP Guide.

Happy hunting!