
Best Practices VPN access to Remote Forensics Tools

rwuiuc
(@rwuiuc)
Eminent Member
Joined: 19 years ago
Posts: 24
Topic starter  

All

Let's say you have stood up some sort of box for remote forensics collections and investigations…

How many have VPN access to this server so you can conduct investigations off hours and when not in the office?

Do you have VPN or RDP or some other sort of access to any internal forensic boxes?

Thoughts on monitoring, baselining, and integrity monitoring?

PMs are always fine as well


   
jhup
(@jhup)
Noble Member
Joined: 16 years ago
Posts: 1442
 

RDP - sort of.

1. Set up a PPTP (encrypted) to a reverse proxy, using two-factor authentication, AV check, restricted source/destination, no split tunneling.
2. Launch an RDP session to a machine using an RDP gateway, authenticating against a domain using a pass and certificate on my machine.
3. Launch an RDP session from that machine to the destination forensic workstation.
4. The forensic workstation authenticates using cert and account again.
5. Start working.


   
(@thall)
Trusted Member
Joined: 16 years ago
Posts: 53
 

What would happen if the case included IIC or if it was unknown and there was IIC on the computer and it transferred to your home computer?


   
(@kovar)
Prominent Member
Joined: 18 years ago
Posts: 805
 

Greetings,

My home computer is a company system and is maintained in the same way as the other company systems.

That said, using RDP, no content is transferred from the examination system to the local system without very explicit steps being taken. The possibility of accidental transfer of information is extremely low.

-David
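
Added example, not part of any poster's reply: the RDP channels that could carry content off the examination system are set per connection in the client's .rdp file, so a small audit can confirm each one is pinned off before the session starts. The hostname and sample file below are constructed; the setting names are the standard .rdp file settings, and the choice to flag unset values is an assumption of this example.

```python
# Added example: audit an .rdp connection file for redirection channels.
# Each line of an .rdp file is name:type:value (type i = integer, s = string).

# Channels that can move content between the examination host and the client.
INT_CHANNELS = ("redirectclipboard", "redirectprinters", "redirectcomports")
STR_CHANNELS = ("drivestoredirect", "devicestoredirect")


def parse_rdp(text):
    """Return {setting_name: value} from the decoded text of an .rdp file."""
    settings = {}
    for line in text.splitlines():
        line = line.strip().lstrip("\ufeff")
        parts = line.split(":", 2)  # values such as drive lists may contain ':'
        if len(parts) != 3:
            continue  # blank or not a name:type:value line
        name, _type, value = parts
        settings[name.strip().lower()] = value.strip()
    return settings


def audit_rdp(text):
    """Return sorted findings; an empty list means every channel is pinned off."""
    settings = parse_rdp(text)
    findings = []
    # An integer channel is off when "0"; a string channel is off when empty.
    for names, off_value in ((INT_CHANNELS, "0"), (STR_CHANNELS, "")):
        for name in names:
            value = settings.get(name)
            if value is None:
                findings.append(f"{name}: not set, client default applies")
            elif value != off_value:
                findings.append(f"{name}: enabled ({value})")
    return sorted(findings)


# Constructed sample, not taken from the thread.
SAMPLE = """full address:s:forensic-ws.example.internal
redirectclipboard:i:1
drivestoredirect:s:*
redirectprinters:i:0
redirectcomports:i:0
"""

if __name__ == "__main__":
    for finding in audit_rdp(SAMPLE):
        print(finding)
```

A client-side file only covers the session it launches; the same channels can also be disabled on the forensic workstation itself through the Remote Desktop Session Host device and resource redirection policies.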


   