Remote Forensic Dat...
 
Notifications
Clear all

Remote Forensic Data Collection

PanamaBay12
(@panamabay12)
New Member

Are there any tools that can collection in EO1 or Forensic 7zip that doesn't require hardware or installed software?

Quote
Topic starter Posted : 03/03/2022 10:17 pm
UnallocatedClusters
(@unallocatedclusters)
Senior Member

Passmark's OSForensics can perform remote forensic imaging without the need to install any software locally or remotely.

ReplyQuote
Posted : 08/03/2022 4:15 pm
drkaan
(@darthpiper)
New Member

Hi, you can also use FEX Imager and GetData Network Agent. The agent is a single executable. https://youtu.be/spUQre_9xUk

This post was modified 5 months ago by drkaan
ReplyQuote
Posted : 29/03/2022 9:57 am
PanamaBay12
(@panamabay12)
New Member

@darthpiper do you need physical access?

ReplyQuote
Topic starter Posted : 02/07/2022 8:43 pm
drkaan
(@darthpiper)
New Member

@panamabay12 the network agent is a single executable, you can try executing it remotely with MS Sysinternal's tools if you have necessary rights.

ReplyQuote
Posted : 03/07/2022 9:31 am
JimC
 JimC
(@jimc)
Member

You can serve a disk or filesystem to a remote client with my DMSERVER tool. For example, to publish on port 8080:

DMSERVER /PORT:8080 \\.\PhysicalDrive3

You can image a remote target to E01 using the DMIMAGE tool. For example, with the previous example:

DMIMAGE /CREATE:example.e01  http://targetpc:8080 

 

The software is a work-in-progress. It is available free-of-charge to bona fide forensic practitioners and researchers. If this is you, please drop me a message.

Jim

www.forensicinternals.com

ReplyQuote
Posted : 13/07/2022 4:48 pm
Share:
Share to...