The Acorn is our flagship product — a Linux-based forensic workstation preloaded with over 70 open-source DFIR tools, a proprietary USB write-blocker, and a custom-built GUI for tool management and training resources.

Which forensic tools are included on The Acorn?

The Acorn comes with tools for imaging (e.g. Guymager), log analysis (e.g. Hayabusa), memory forensics, network forensics, hash verification, live response, and more. A full list is available in the Sleuthy’s Picks interface.

Can I add or remove tools?

Yes. The Acorn supports tool customisation via a simple GUI. You can install or remove tools using the Sleuthy’s Picks interface without needing command-line experience.

Does The Acorn support APFS, NTFS, and Linux file systems?

Yes. It can read Apple (APFS), Windows (NTFS), and Linux (ext4, Btrfs, etc.) file systems out of the box.

Is The Acorn suitable for live response and incident handling?

Absolutely. With tools like Velociraptor, Nmap, and custom scripts, The Acorn can support live endpoint response and analysis.

Does The Acorn support forensic imaging?

Yes. Tools like Guymager and ddrescue-view enable bit-for-bit imaging with hash verification.

Is the software open source?

Yes. All preloaded tools are open-source or free for forensic use, eliminating ongoing license costs.

Can I use The Acorn in court-admissible investigations?

Yes. With proper procedures and documentation, The Acorn supports workflows compliant with digital forensic best practices.

Is training available?

We provide detailed documentation and training materials built into The Acorn. Additional online tutorials and walkthroughs are being added continuously.

Can students or universities use The Acorn?

Yes. The Acorn is ideal for forensic education. We offer academic pricing and support for bulk licensing.

How long does it take to learn The Acorn?

Most IT-literate users can get up to speed in 1–2 days. The GUI simplifies access to complex tools.

Where can I buy The Acorn?

You can purchase The Acorn directly via our website, with international shipping available.

Yes. The Acorn includes a 3-year limited warranty.

Do you ship internationally?

Yes. We ship globally with Delivered Duty Paid (DDP) options to avoid customs delays.

What is the lead time for orders?

Standard orders typically ship within 7–10 working days. Bulk or customised orders may take longer.

How do I get technical support?

You can contact us at support@sqfr.uk or use the contact form on our website. Documentation and troubleshooting guides are also included on The Acorn.

Can I request a demo?

Yes. Use our Demo Request form to schedule a walk-through tailored to your needs.

FAQs - The Acorn Forensic Workstation

Q: What is Squirrel Forensics?

Squirrel Forensics Ltd is a UK-based company providing affordable, portable digital forensic solutions built on open-source technology. We serve investigators, incident responders, educators, and enthusiasts.

Q: Who is The Acorn designed for?

It’s built for digital forensic analysts, incident responders, students, law enforcement teams, and anyone needing a portable, low-cost forensic platform.

Q: Does The Acorn include a write blocker?

Yes. It features a built-in USB write blocker with a GUI interface for safe evidence acquisition.

Q: What are the specifications of The Acorn?

Intel i5 Processor, 8GB DDR4 (Upgradeable), 256GB SSD, Dual HDMI, USB 3.2, USB-C, Ubuntu 24.04 LTS (Xfce), Portable 12V power input, Optional external display.

Q: Is The Acorn fan-cooled?

Yes. Active cooling ensures stable performance during forensic acquisition and processing.

The Acorn – Frequently Asked Questions (FAQs)

General

What is Squirrel Forensics?

Squirrel Forensics Ltd develops affordable digital forensics and incident response solutions for investigators, cybersecurity teams, educators and students.

What is The Acorn?

The Acorn is a portable digital forensics and incident response workstation that combines evidence acquisition, forensic analysis, write-blocking controls, investigation workflows and reporting capabilities within a Linux-based environment.

Who is The Acorn designed for?

The Acorn is designed for:

Digital forensic investigators
Incident response teams
Cybersecurity professionals
Law enforcement
Universities and training providers
Students and researchers
IT service providers

Write-Blocking & Evidence Protection

Does The Acorn include a write blocker?

Yes. The Acorn includes proprietary evidence protection controls designed to help investigators safely access evidential media using read-only workflows.

How does The Acorn protect evidential media?

The Acorn uses kernel-level read-only controls and managed access workflows to help prevent accidental modification of evidence drives.

Can I switch a device from read-only to read-write?

Yes. Controlled workflows allow investigators to change device access when appropriate while maintaining visibility of the device state.

Has the write-blocking system been tested?

The evidence protection architecture has undergone extensive development and testing to support forensic acquisition and examination workflows.

Integrated Forensic Tools

What investigation activities can The Acorn support?

The Acorn supports a broad range of digital forensics and incident response workflows, including evidence acquisition, evidence protection, forensic analysis, incident response and investigation reporting.

Examples include:

Evidence acquisition and forensic imaging
Write-blocking and evidence protection
File system analysis
Timeline reconstruction
Memory forensics
Network investigations
Log analysis and threat hunting
Endpoint visibility and live response
Data recovery
Malware analysis
Open-source investigations
Cloud investigations
Incident response activities
Investigation reporting and evidential outputs
Evidence verification and hash validation
Mobile device investigations
Email and communication analysis
Digital artefact examination

The Acorn is designed to support the practical workflows commonly used by digital forensic investigators, incident responders, cybersecurity teams, educators and students.

Can I install additional tools?

Yes. The Linux-based platform allows investigators to install and customise additional applications if required.

Are the included tools open source?

Most integrated tools are open-source projects developed and maintained by their respective communities and authors.

Investigation Workflows & Outputs

What investigation workflows can The Acorn support?

The Acorn is designed to support end-to-end digital forensics and incident response workflows, including:

Evidence acquisition and preservation
Evidence verification and integrity checking
File system and artefact analysis
Timeline reconstruction and event analysis
Memory forensics and live response
Network capture and network investigations
Log analysis and threat hunting
Malware investigation and IOC searching
Data recovery and file carving
Incident response and breach investigations
Report generation and evidential outputs

What types of outputs can be generated?

Outputs depend on the tool being used and may include:

Investigation reports
HTML reports
PDF reports
CSV files
JSON files
XML files
TXT files
Timeline data
Hash verification results
Evidence acquisition records
Audit logs
Log analysis outputs
Network analysis results
Packet capture (PCAP) files
Memory analysis results
Malware analysis results
Indicators of compromise (IOC) findings
Artefact extraction results
File recovery reports
Screenshots and visual evidence
Structured evidential outputs for case documentation

Can investigation results be exported?

Yes. Many integrated tools support exporting reports, evidence summaries and structured investigation results.

Universities & Training

Is The Acorn suitable for universities?

Yes. The Acorn was designed to provide an affordable and practical platform for teaching digital forensics and incident response. Its Linux-based environment, integrated forensic toolset and portable design allow students to gain hands-on experience using technologies and workflows commonly encountered in real-world investigations. The platform supports both classroom teaching and independent research projects while reducing the cost barriers often associated with commercial forensic software.

Can students use The Acorn?

Yes. The Acorn is suitable for students learning digital forensics, incident response and cybersecurity. Students can gain practical experience in evidence acquisition, forensic analysis, reporting and investigative workflows while developing familiarity with Linux-based forensic environments and open-source investigation tools. The portable design also allows learning to take place outside dedicated laboratory environments.

What topics can be taught using The Acorn?

The Acorn supports a wide range of teaching, research and practical investigation activities, including:

Evidence acquisition and forensic imaging
Write-blocking and evidence protection
File system and artefact analysis
Timeline reconstruction
Memory forensics
Network investigations
Log analysis and threat hunting
Endpoint visibility and live response
Data recovery and file carving
Malware analysis
Open-source intelligence (OSINT)
Cloud investigations
Incident response workflows
Investigation reporting and documentation

Why do universities choose The Acorn?

Universities value the Acorn because it combines affordability, portability and practical DFIR workflows within a single platform. The integrated toolset aligns with many digital forensics and cybersecurity curricula, allowing students to learn multiple investigative techniques without requiring numerous separate systems. The Linux-based environment provides valuable exposure to operating systems widely used throughout digital forensics, cybersecurity and incident response, complementing the Windows-based environments many students already encounter. The built-in kernel-level evidence protection controls also help teach the importance of evidential integrity and forensic best practices. Its compact design allows teaching and demonstrations to take place anywhere on campus rather than being limited to a dedicated forensic laboratory.

Incident Response

Is The Acorn suitable for incident response?

Yes. The Acorn includes tools commonly used for live response, endpoint visibility, network analysis and log investigation activities.

Can The Acorn be used onsite?

Yes. Its compact design makes it suitable for field deployments, remote locations and customer environments.

Security & Platform Protection

How secure is The Acorn?

The Acorn has been designed with security, evidence protection and investigator control in mind. The platform combines a Linux-based operating system, locally installed forensic tools and built-in evidence protection controls to support secure digital forensic and incident response workflows.

Why does The Acorn use Linux?

Linux is widely used throughout digital forensics, cybersecurity and incident response communities globally. The Linux-based environment provides investigators with access to a broad range of forensic and security tools while offering flexibility, transparency and control over the investigation environment.

The platform also helps investigators and students develop practical experience with operating systems commonly encountered within DFIR and cybersecurity disciplines. In addition, Linux enables access to many powerful open-source forensic and incident response tools that are widely used for evidence acquisition, forensic analysis, threat hunting and investigative workflows.

Does The Acorn require cloud services?

No. The integrated forensic and incident response toolset operates locally on The Acorn and does not depend on cloud-based services to perform core investigation activities. This allows many evidence acquisition, forensic analysis and reporting workflows to be conducted entirely offline when required.

Can The Acorn be used in secure or isolated environments?

Yes. Because the integrated forensic tools operate locally, The Acorn can be used in environments where internet access is restricted, unavailable or intentionally disabled. This makes it suitable for secure investigations, customer environments, laboratories, training facilities and other controlled environments.

How does The Acorn help protect evidential media?

The Acorn includes proprietary evidence protection controls that use kernel-level read-only mechanisms and controlled access workflows to help prevent accidental modification of evidential media during forensic examinations.

Hardware & Tech Specs

What are the specifications of The Acorn?

Technical Specifications:

Processor: Intel® N95 (4C/4T, up to 3.4 GHz, 6MB Cache, 15W TDP)
Graphics: Intel® UHD Graphics (1.25GHz) – Supports 3x 4K Displays via 2x HDMI 2.0 + 1x USB-C (Alt-DP)
Memory: 8GB DDR4-3200 SODIMM – Upgradeable to 32GB (Contact us for pricing)
Linux OS: Ubuntu 24.04 LTS (64-bit) pre-installed
Storage: 256GB SATA SSD – Upgradeable: M.2 PCIe NVMe up to 8TB or 2.5” SATA SSD up to 8TB – (Contact us for pricing)
Networking: 1x Intel® 2.5Gb LAN (i225-V)
Wireless Connectivity: Intel® AC 7265 Wi-Fi + Bluetooth 5.0
USB Ports:
- Front: 2x USB 3.2 Gen2 Type-A, 1x USB 3.0 Type-C (Alt-DP)
- Rear: 2x USB 3.2 Gen2 Type-A
Additional I/O:
- 3.5mm Front Stereo Headset Jack
- MicroSD Card Slot
- Kensington Lock Support
Power: 12V, 36W Power Supply (Multi-region PSU included: UK, EU, USA)
Mounting: VESA Mount Kit Included

Can I connect The Acorn to other displays or devices?

Yes. The Acorn supports dual HDMI output and USB-C, making it suitable for split-screen workflows or connecting to lab equipment.

Is The Acorn fan-cooled?

Yes.

Still have questions not covered in our FAQ’s? Contact Us and we’ll be happy to help.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.