
Remote Collection Tool - Off VPN

(@cc4n6)
Posts: 16
Eminent Member
Topic starter
 

Hello Everyone,

I saw an earlier post about remote collections. I am looking for a recommendation for a Remote Collection tool that offers collections to either continue when a workstation disconnects from the internal corporate VPN or if an agent is already installed on the workstation, for the collection to be initiated. This will primarily be on workstations with Windows OS, but support for Mac OS would be a huge plus!

We would primarily be doing full disk collections, but the ability to drill down on the OS and perform a robust targeted collection would be great.

I am aware of the offering from Magnet with their Axiom Cyber module. The tool looks great but we need to do our due diligence and look at other solutions to compare.

Thank you for the suggestions.

 
Posted : 11/01/2021 4:31 pm
Bunnysniper
(@bunnysniper)
Posts: 257
Reputable Member
 

Have a look at Velociraptor, CC4n6.

It can run in client-server mode. OSQuery also fulfills some of your requirements.

 

regards, Robin

 

 
Posted : 12/01/2021 2:08 am
(@hommy0)
Posts: 98
Trusted Member
 

Hi,

 

EnCase Endpoint Investigator (I think from 20.4 onwards) has functionality for off network collection

https://security.opentext.com/encase-endpoint-investigator

 

Keep well

 
Posted : 12/01/2021 1:22 pm
(@emretinaztepe)
Posts: 4
New Member
 

Hello CC4n6,

 

Binalyze AIR supports the collection of 120+ evidence types out-of-box and lets you acquire evidence, perform triage and create a timeline investigation fully remotely. You can get it up and running on a cloud machine in 5 minutes and start deploying the clients either manually or via SCCM. 

https://binalyze.com/products/air

 

 
Posted : 19/01/2021 7:17 pm
(@panamabay12)
Posts: 7
Active Member
 

Take a look at Rocket by Digital DNA Group - www.digitaldnagroup.com

 
Posted : 02/07/2022 7:22 pm