Forums
Main Category
General (Technical,...
Remote Forensic Dat...
 
Notifications
Clear all

Remote Forensic Data Collection

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by JimC 2 years ago
6 Posts
4 Users
1 Likes
2,708 Views
RSS
 PanamaBay12
(@panamabay12)
Posts: 7
Active Member
Topic starter
 

Are there any tools that can collection in EO1 or Forensic 7zip that doesn't require hardware or installed software?

 
Posted : 03/03/2022 11:17 pm
UnallocatedClusters
 UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

Passmark's OSForensics can perform remote forensic imaging without the need to install any software locally or remotely.

 
Posted : 08/03/2022 5:15 pm
drkaan
 drkaan
(@darthpiper)
Posts: 2
New Member
 

Hi, you can also use FEX Imager and GetData Network Agent. The agent is a single executable. https://youtu.be/spUQre_9xUk

This post was modified 2 years ago by drkaan
 
Posted : 29/03/2022 9:57 am
UnallocatedClusters reacted
 PanamaBay12
(@panamabay12)
Posts: 7
Active Member
Topic starter
 

@darthpiper do you need physical access?

 
Posted : 02/07/2022 8:43 pm
drkaan
 drkaan
(@darthpiper)
Posts: 2
New Member
 

@panamabay12 the network agent is a single executable, you can try executing it remotely with MS Sysinternal's tools if you have necessary rights.

 
Posted : 03/07/2022 9:31 am
JimC
 JimC
(@jimc)
Posts: 86
Estimable Member
 

You can serve a disk or filesystem to a remote client with my DMSERVER tool. For example, to publish on port 8080:

DMSERVER /PORT:8080 \\.\PhysicalDrive3

You can image a remote target to E01 using the DMIMAGE tool. For example, with the previous example:

DMIMAGE /CREATE:example.e01  http://targetpc:8080

 

The software is a work-in-progress. It is available free-of-charge to bona fide forensic practitioners and researchers. If this is you, please drop me a message.

Jim

www.forensicinternals.com

 
Posted : 13/07/2022 4:48 pm
Forum Jump:
  Previous Topic
Next Topic  
Share: