Hi,
In a couple of large investigations I have the need to make quick selections on all the images made.
At the moment this is still a lot of manual work.
Just some kind of script like, this is the folder with all the images of this investigation, go and grab …… (for example)
- What Apple devices are synced on which computer. Just a quick and dirty list with evidence item and Apple device (for example IMEI).
- a list of all computers, their users, domains, ip addresses, etc.
Of course I can do this in Encase (like initialize case), but with lots of computers I'm not sure this is the right way.
Maybe the usage of forensic scripts like in the SANS SIFT is an option.
Just would like to have your opinion, ideas and maybe experience on this topic.
Regards,
Karsten