Remote Collection Tool - Off VPN  

CC4n6
(@cc4n6)
New Member

Hello Everyone,

I saw an earlier post about remote collections. I am looking for a recommendation for a Remote Collection tool that offers collections to either continue when a workstation disconnects from the internal corporate VPN or if an agent is already installed on the workstation, for the collection to be initiated. This will primarily be on workstations with Windows OS, but support for Mac OS would be a huge plus!

We would primarily be doing full disk collections, but the ability to drill down on the OS and perform a robust targeted collection would be great.

I am aware of the offering from Magnet with their Axiom Cyber module. The tool looks great but we need to do our due diligence and look at other solutions to compare.

Thank you for the suggestions.

Topic starter Posted : 11/01/2021 4:31 pm
Bunnysniper
(@bunnysniper)
Active Member

Have a look at Velociraptor, CC4n6.

It can run in client-server mode. OSQuery also fulfills some of your requirements.

 

regards, Robin

 

Posted : 12/01/2021 2:08 am
hommy0
(@hommy0)
Member

Hi,

 

EnCase Endpoint Investigator (I think from 20.4 onwards) has functionality for off-network collection.

https://security.opentext.com/encase-endpoint-investigator

 

Keep well

Posted : 12/01/2021 1:22 pm
emretinaztepe
(@emretinaztepe)
New Member

Hello CC4n6,

 

Binalyze AIR supports the collection of 120+ evidence types out-of-box and lets you acquire evidence, perform triage and create a timeline investigation fully remotely. You can get it up and running on a cloud machine in 5 minutes and start deploying the clients either manually or via SCCM. 

https://binalyze.com/products/air

 

Posted : 19/01/2021 7:17 pm