
Imaging across a network

Post Posted: Sat Aug 21, 2004 3:46 am

Hi all, I wanted to start a discussion off relating to 'imaging', and the use of EnCase. Does anyone image to a server across a network? And if so, what tools do you use?

In the labs where I work, we image directly to a 3 terabyte network file server (Win2000), on a gigabit network. It's quite fast, almost as fast as imaging locally. We also investigate the acquired image across the network without any noticeable lag. And because we use EnCase evidence files we do not consider integrity of the image to be an issue (no requirement to use a wiped hard drive to store it, etc).

Has anyone done the same using Linux or open source software, and if so what are your experiences, techniques and methodologies?

Forgive me Jamie if I posted in the wrong part of the forum, I thought it appropriate for it to go here :)

Andy  

Last edited by Andy on Sat Oct 02, 2004 2:45 am; edited 2 times in total

Andy
Senior Member
 
 
  

Re: Imaging across a network

Post Posted: Sat Aug 21, 2004 5:59 am

I thought it appropriate for it to go here


Oh, absolutely. I'm looking forward to hearing from some of our members with "real world" experience of open source forensics. To the best of your knowledge, Andy, are any UK police forces using open source solutions (instead of e.g. EnCase)? No need to mention any names.

Jamie
_________________
Jamie Morris
Forensic Focus
Web: www.forensicfocus.com
Twitter: twitter.com/ForensicFocus
Facebook: www.facebook.com/forensicfocus
Google+: www.google.com/+ForensicFocus 

jamie
Site Admin
 
 
  

Re: Imaging across a network

Post Posted: Sat Aug 21, 2004 7:31 am

On the pro side of open source stuff, it has one major advantage – it’s free, but what’s that saying “Linux is free only if your time is worthless”. Linux open source tools do take time to learn and get to grips with, especially if you come from a Windows background.

Let’s not forget about the granddaddy of forensic tools – Norton disk edit. Does anyone still use it?  

Last edited by Andy on Mon Aug 01, 2005 8:06 am; edited 1 time in total

Andy
Senior Member
 
 
  

Re: Imaging across a network

Post Posted: Mon Aug 23, 2004 7:50 pm

Open source computer forensics.........hmmmm. If you use it on a civil or criminal case will you be able to go to court, or survive a deposition? Even "in house" investigations can go to hearing or the court room. FREE open source forensics tools may not pass muster when there are professional grade, court qualified computer forensics tools that have already survived the court process, and are accepted.
_________________
Stockham Computer Forensics and Investigations
CA Licensed PI
www.hitechpi.net
 

hitechpi
Member
 
 
  

Re: Imaging across a network

Post Posted: Tue Aug 24, 2004 11:39 am

I have heard the use of the commercial tools as ‘point & click’ forensics, said in a scornful manner, but at the end of the day if it works and halves your time, then it must be cost effective, and over the course of a few months the amount of work you can accomplish with a commercial product will pay for itself.


Yes, agreed. I've heard the same disparaging remarks about "point & click" forensics. Where I do think criticism is valid is when (perhaps inevitably?) the use of commercial packages leads to the rise of a certain type of investigator who is proficient at going through the motions with little understanding of what's going on "behind the scenes". That's not a criticism of the software itself, of course, more a reflection of certain organisations' priorities, and in practice probably makes little difference most of the time. There are times, though, when a deeper understanding of what's really going on is the only way to progress in an investigation and I sometimes worry that that depth of knowledge is undervalued in certain types of organisations.

That said, I'm still in full agreement that the efficiency gains offered by commercial packages (not to mention their accepted status in the courts) provide a compelling case for their use.

Cheers,

Jamie

jamie
Site Admin
 
 
  

Re: Imaging across a network

Post Posted: Tue Aug 24, 2004 11:42 am

And before I forget, hitechpi...welcome to Forensic Focus!

Jamie

jamie
Site Admin
 
 
  

Re: Imaging across a network

Post Posted: Tue Sep 14, 2004 8:10 am

- hitechpi
Open source computer forensics.........hmmmm. If you use it on a civil or criminal case will you be able to go to court, or survive a deposition? Even "in house" investigations can go to hearing or the court room. FREE open source forensics tools may not pass muster when there are professional grade, court qualified computer forensics tools that have already survived the court process, and are accepted.


I think this is a simplistic way to look at this software and reflects a generalised fear of OSS that is prevalent among some software consumers. Any tool may not pass muster when put to the test. Indeed, I have rejected many tools, both open and closed source, because they do not behave in a fashion consistent with a forensic investigation.

We must clearly differentiate between free as in beer software, be it freeware, shareware or Beta software, and free as in thought software, which is where the Open source movement resides with licences such as the GPL and BSD.

There are a number of applications where OSS clearly dominates the market not on the basis of price. In fact I know of no examples where OSS predominates on the basis of its perceived low price.

In the final analysis, I don't like standing behind an item of software where I do not have access to the source code. Do you think the fact that you cannot vouch for the correct operation or have a full understanding of the logic behind operations provided by commercial organisations hampers you in investigations?
_________________

"People who are willing to sacrifice essential freedoms for security deserve neither freedom nor security."
--Benjamin Franklin 

tusk
Newbie
 
 
