Forensic Packet Capture Appliances

IPCopper offers both forensic and continuous-loop packet capture appliances. Forensic packet capture is also referred to as "lossless", since the appliance ceases recording once memory is full, rather than overwriting or deleting any data. Forensic-class packet capture incorporates two things:

  1. The captured data cannot be modified, deleted or overwritten.
  2. The data can be authenticated post-capture.

In addition to the above, forensic IPCopper models are both portable and compact, allowing installation practically anywhere.

Lossless forensic packet capture is important for investigating and collecting evidence for the prosecution of cybercrime, digital / electronic data theft, data breaches, network intrusions, hacking and cyberespionage. The network forensics evidence collected by full forensic packet capture is complete, unalterable and unerasable (unless extraordinary measures are taken) and can be authenticated for use in court. With the arrival of antiforensics, packet capture appliances have become increasingly important tools for establishing digital timelines and substantiating digital evidence.

Once our forensic packet capture appliances reach their capacity, they cease capturing and processing traffic in order to keep their recorded data intact. By comparison, once our models with continuous-loop data storage reach capacity, they continue capturing IP activity and overwrite the oldest captured data with the newest.

Forensic-class models

Memory Capacity | Peak Capture Speed | Min. Sustained Capture Speed | Min. Sustained Packet Rate (packets/second)
1 TB            | 1 Gbps             | 400 Mbps                     |
2 TB            | 1 Gbps             | 400 Mbps                     |