
Remote collection tool  

socratescymru
(@socratescymru)
New Member

I'm looking for a commercial remote collection tool, ideally coupled with a forensic suite such as Axiom Cyber or BEC (or a forensic suite with remote collection capabilities, whichever way around).

I'm aware of F-Response but at the price they charge, I'd like to be able to do some analysis too!

I'd like to be able to collect the remote data as an image file (E01, DD etc.) by ideally just deploying an agent without too much interaction on the target machine.

Any suggestions?

This topic was modified 4 weeks ago 2 times by socratescymru
Posted : 29/10/2020 11:39 am
keydet89
(@keydet89)
Community Legend

What platform(s) do you want to support?

If price is an issue, what's your threshold?  What dollar amount is too much, based on what level of capabilities?

Are you asking about remote imaging, or collecting triage (not a full image) data?

Posted : 31/10/2020 11:31 am
socratescymru
(@socratescymru)
New Member

I'm looking for Windows-based and ideally able to support full remote imaging of all major OSes.

Don't have an upper dollar limit for the right tool that allows me to remotely collect an image and have a full analysis suite.

What software do you recommend @keydet89?

Posted : 01/11/2020 1:08 am
Em-Belkasoft
(@em-belkasoft)
Junior Member
Posted by: @socratescymru

I'm looking for a commercial remote collection tool, ideally coupled with a forensic suite such as Axiom Cyber or BEC (or a forensic suite with remote collection capabilities, whichever way around).

I'm aware of F-Response but at the price they charge, I'd like to be able to do some analysis too!

I'd like to be able to collect the remote data as an image file (E01, DD etc.) by ideally just deploying an agent without too much interaction on the target machine.

Any suggestions?

Remote Acquisition in Belkasoft Evidence Center (BEC) will help you do precisely what you just described. BEC provides an agent that you can deploy on the target computer and all that. BEC—with the Remote Acquisition module installed—is a forensics suite with remote collection capabilities. 

This post was modified 4 weeks ago 2 times by Em-Belkasoft
Posted : 02/11/2020 8:48 am
hommy0
(@hommy0)
Member

Good Morning,

EnCase Forensic / EndPoint Investigator has direct agent functionality; the agent gets deployed directly to the endpoint to allow for preview and acquisition of content on that computer. The evidence file format is EX01, E01, LX01 or L01.

The agent has the ability to be deployed to both Windows and Mac (including Macs that have the T2 security chip).

Regards

Posted : 02/11/2020 10:33 am
keydet89
(@keydet89)
Community Legend
Posted by: @socratescymru

I'm looking for Windows-based and ideally able to support full remote imaging of all major OSes.

Don't have an upper dollar limit for the right tool that allows me to remotely collect an image and have a full analysis suite.

What software do you recommend @keydet89?

F-Response and open source software for parsing, correlation and display.

Analysts do analysis, not software.

Posted : 02/11/2020 12:43 pm
UnallocatedClusters
(@unallocatedclusters)
Senior Member

Passmark's OSForensics allows for remote forensic imaging of network attached devices and folders assuming one has admin rights.  OSForensics is also a full analysis suite.

I am not sure if OSForensics can image Mac OSX or Linux OSX computers remotely - you would need to ask Passmark or test this yourself.

OSForensics also has built in web capture capabilities, and now version 8 added Google Drive and Gmail capture capabilities.

(NOTE:  I have no professional affiliation with Passmark, but I do use OSForensics on many of our cases).

Posted : 02/11/2020 6:41 pm
sisyphus
(@sisyphus)
New Member

Let us not forget about Forensic Explorer (FEX). This is a very nice program which not only can acquire data and create industry-standard .E01 files through the network, but will also live boot the system once you have an acquired image file, as well as forensically view the files, and has a built-in reporting system.

Very handy to have.

https://getdataforensics.com/product/forensic-explorer-fex/

Posted : 16/11/2020 6:21 pm
Justin
(@auptyk)
New Member

AccessData's Forensic Toolkit Enterprise platform has remote collection from Windows, Mac, and Linux machines over a network. Full disk image, selected files, partitions... memory...whatever you want. 

You can set schedules with the acquisition to minimize impact on the target machine and the network. 

You can collect and analyze in one tool. 

This post was modified 2 weeks ago by Justin
Posted : 16/11/2020 9:11 pm