Data collecting

Discussion of computer forensics employment and career issues.
  

ChocolateDonut
Newbie
 

Data collecting

Post Posted: Jul 06, 06 01:38

I have a week and a half to put together some sort of data collection protocol for client ediscovery and harvest data. We are starting from scratch and I am a *little* bit nervous. I have read a fair amount of posts (thank you thank you for this helpful forum) and have done my own research, but I would love some input on what you think might be a good set-up. I have looked at EnCase and some other software - Helix, Ghost... and so far like the looks of EnCase for my purpose. Would it have to be run off a laptop? If I just use Windows Explorer and Ghost would I be destroying metadata? If you were a litigation paralegal, running Summation 2.7.2, how would you set up a data harvesting protocol? Any advice is very appreciated!

~A  
 
  

debaser_
Senior Member
 

Re: Data collecting

Post Posted: Jul 06, 06 02:00

By data harvesting protocol, do you mean a set procedure by which machines in question are imaged in a manner that will enable discovery to take place? i.e. sector by sector copy.

If this is all you are doing then EnCase is way more than you need. To keep it simple and effective I'd say go for FTK Imager.

If I'm wrong about what you are asking, then hey it happens  
 
  

ChocolateDonut
Newbie
 

Re: Data collecting

Post Posted: Jul 06, 06 02:37

More specifically, I would like a non-obtrusive (quick/little effect on business) method - if that would be bit-stream copy or term-searched active files - I do not necessarily need the free space copy, but whatever's clever.

Data will be collected from C drives and a server.

Thanks, I'll check out FTK  
 
  

debaser_
Senior Member
 

Re: Data collecting

Post Posted: Jul 06, 06 02:45

- ChocolateDonut
More specifically, I would like a non-obtrusive (quick/little effect on business) method - if that would be bit-stream copy or term-searched active files - I do not necessarily need the free space copy, but whatever's clever.

Data will be collected from C drives and a server.

Thanks, I'll check out FTK


If you want a forensically sound image you will need the free space. Unallocated space is where you will find files that have been deleted.

It sounds like you want this to be set up and done automatically at scheduled intervals? For multiple clients and a server? That is a different matter altogether. I thought you just wanted some software to image a machine when an incident had occurred.

It all comes down to why are you doing this? What are you trying to accomplish? This seems like a lot of data to gather.  
 
  

ChocolateDonut
Newbie
 

Re: Data collecting

Post Posted: Jul 06, 06 02:54

IP litigation initial discovery - When all is said and done, I need a collection of files from our client that are responsive to set key terms - and I'm not sure if it is easier (on our client) to collect an overly broad data set, or run some sort of index. You might be able to tell I am new to this...  
 
  

debaser_
Senior Member
 

Re: Data collecting

Post Posted: Jul 06, 06 07:26

- ChocolateDonut
IP litigation initial discovery - When all is said and done, I need a collection of files from our client that are responsive to set key terms - and I'm not sure if it is easier (on our client) to collect an overly broad data set, or run some sort of index. You might be able to tell I am new to this...


Yeah, I'm pretty new myself. Your lawyerspeak has me baffled. I have no clue what you are asking for. Perhaps some of the more experienced guys will know.  
 
  

ChocolateDonut
Newbie
 

Re: Data collecting

Post Posted: Jul 06, 06 20:59

Is there a Linux tool that will let you browse a Windows environment, mark which files or folders you want to copy, copy them, create a hash value and an audit log of the whole process? I think that's what I need...  
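
The workflow asked about in the last post, as an added example that is not part of the thread or any poster's code: copy chosen files or folders, hash the source before the copy and the copy afterwards, and write an audit log. It assumes the Windows volume is already mounted read-only on the Linux machine; the function names and log columns are hypothetical, and `shutil.copy2` carries the modified time onto the copy but not the NTFS created time, so the log records the source timestamp itself.

```python
import csv
import hashlib
import shutil
from datetime import datetime, timezone
from pathlib import Path

FIELDS = ["collected_utc", "source", "dest", "size", "src_mtime_utc",
          "src_sha256", "dst_sha256", "verified"]

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def utc(ts=None):
    """ISO 8601 UTC string for a POSIX timestamp, or for now if none is given."""
    t = datetime.now(timezone.utc) if ts is None else datetime.fromtimestamp(ts, timezone.utc)
    return t.isoformat(timespec="seconds")

def collect(source_root, selected, dest_root, log_path):
    """Copy selected files/folders (paths relative to source_root), hashing the
    source before the copy and the copy afterwards, and write a CSV audit log."""
    source_root, dest_root = Path(source_root), Path(dest_root)
    rows = []
    for rel in selected:
        src = source_root / rel
        if not src.exists():
            raise FileNotFoundError(src)  # a missing selection must not pass silently
        files = [src] if src.is_file() else sorted(p for p in src.rglob("*") if p.is_file())
        for f in files:
            st = f.stat()                 # timestamps recorded before the file is read
            src_hash = sha256_of(f)
            dst = dest_root / f.relative_to(source_root)
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, dst)          # copy2 carries the modified time onto the copy
            dst_hash = sha256_of(dst)
            rows.append({"collected_utc": utc(), "source": str(f), "dest": str(dst),
                         "size": st.st_size, "src_mtime_utc": utc(st.st_mtime),
                         "src_sha256": src_hash, "dst_sha256": dst_hash,
                         "verified": src_hash == dst_hash})
    with open(log_path, "w", newline="") as out:
        writer = csv.DictWriter(out, fieldnames=FIELDS)
        writer.writeheader()
        writer.writerows(rows)
    return rows
```

A call such as `collect("/mnt/evidence", ["Users/someone/Documents"], "/cases/001/files", "/cases/001/audit.csv")` uses placeholder paths; any row with `verified` set to `False` means the copy does not match its source.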
 
