Hi,
Obviously, using remote forensics gives you the ability to remotely acquire data from multiple hosts and view this in your local location as a share, for example.
Options
Now I have looked at a few options for remote acquisition, and the one I like is the F-Response tool
https://
Also, I know Paraben do a good solution for remote forensics as well, but it is double the price.
My question is really: does anyone know of any other options? Also, a company informed me that they use open source tools for remote acquisition. Are there any recommended free tools for this?
We have the EnCase Forensic version currently. If you upgraded to the EnCase Enterprise version and used the remote acquisition tool within this software, is it any good?
Thanks for any help,
David
Full disclosure: I work for Guidance Software.
Since you already have EnCase Forensic, you could try the "Direct Network Preview" tool. You can perform remote forensics on one endpoint at a time.
I wrote a blog post on this a while back describing on
It allows remote preview, full disk or logical acquisition, as well as volatile data capture (running processes, open ports, live RAM dump, etc.). Hope this helps.
Regards,
Ken Mizota
Hi,
Thanks for the response.
The problem with the "Direct Network Preview" is, although it works well, don't you have to get the user to install the installer onto their laptop? I can't do that remotely?
If I am investigating someone, I can't ask them to install the installer. Maybe I am wrong here?
Thanks for your help,
David
PassMark's OSForensics may be worth looking at
http//
David, you mentioned EnCase needs to set up an installer, but I assume every piece of software needs to be run on the suspect's computer.
You need some kind of access/rights to push a servlet. Same problem with F-Response or any other piece of software.