Any suggestions to make a forensic copy of a public FTP server?
Thanks
I suppose it is a remote server where you don't have admin access to the machine?
The ideal situation would be if you can use some network forensic tools, like FIM.
FTP can be used to put a servlet or agent on the server. Same for using dd or anything else,
but you still have to get admin rights to get a full machine image.
This is also a question of size and available bandwidth …
What comes to my mind is wget as a tool to dump publicly readable files from an FTP or HTTP server.
It will copy the structure; you'll get a logical copy of the FTP tree.
There is the question of timestamps and ownership, which you can check in the manual
http//
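For the timestamp and ownership question raised in the reply above, here is an added example (not code from any poster in this thread). It assumes the tree was acquired with `wget --mirror`, which keeps the server's `.listing` files, and that the server returns Unix-style LIST output; the sample directory in `demo()` is constructed.

```python
import hashlib, os, re, tempfile

# Unix-style LIST line: perms, links, owner, group, size, date, name
LIST_RE = re.compile(
    r"^(?P<perms>[-dl][rwxsStT-]{9})\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<size>\d+)\s+(?P<mtime>\w{3}\s+\d{1,2}\s+[\d:]{4,5})\s+(?P<name>.+?)\r?$")

def parse_listing(path):
    """Map file name -> metadata the FTP server reported in one .listing file."""
    entries = {}
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = LIST_RE.match(line.rstrip("\n"))
            if m:
                entries[m["name"]] = m.groupdict()
    return entries

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Pair every mirrored file's hash with the server-side LIST metadata."""
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        listing = os.path.join(dirpath, ".listing")
        meta = parse_listing(listing) if os.path.exists(listing) else {}
        for name in sorted(f for f in files if f != ".listing"):
            full, m = os.path.join(dirpath, name), meta.get(name, {})
            rows.append({
                "path": os.path.relpath(full, root),
                "sha256": sha256_file(full),
                "owner": m.get("owner"), "group": m.get("group"),
                "perms": m.get("perms"), "server_mtime": m.get("mtime"),
                # A size mismatch means the download is incomplete or altered.
                "size_ok": bool(m) and int(m["size"]) == os.path.getsize(full),
            })
    return rows

def demo():  # constructed sample: one mirrored file plus its .listing
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "readme.txt"), "wb") as fh:
        fh.write(b"hello\n")
    with open(os.path.join(root, ".listing"), "w", newline="") as fh:
        fh.write("-rw-r--r--   1 ftp      ftp             6 Jan 05 10:15 readme.txt\r\n")
    return build_manifest(root)
```

The manifest records what the server claimed about each file next to a hash of what was actually downloaded, so the local file system's own ownership and times are not mistaken for the server's.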
Any suggestions to make a forensic copy of a public FTP server?
Make sure you know what questions it is expected to answer, and whether it really does so or not. If some questions are about FTP access and activities, you probably need account information as well as server logs … and you have to know how to find those. And in some cases you may even need to locate helpdesk logs (to see when users reported problems) or logs of the FTP system owner (to know when that problem was fixed, or when the latest update or patches were applied). But knowing 'why' helps get those things (and others) under control.
Just a question.
If you are being asked to image the server, then presumably you are being asked by the person who owns the server? Is physical access to the machine hosting the data not an option?
Or is it a situation where it's a rented server and the person who is engaging you only owns the data, not the physical hardware itself?