I'm looking for a commercial remote collection tool, ideally coupled with a forensic suite such as Axiom Cyber or BEC (or a forensic suite with remote collection capabilities, whichever way around).

I'm aware of F-Response but at the price they charge, I'd like to be able to do some analysis too!

I'd like to be able to collect the remote data as an image file (E01, DD etc.) by ideally just deploying an agent without too much interaction on the target machine.

Any suggestions?
What platform(s) do you want to support?
If price is an issue, what's your threshold? What dollar amount is too much, based on what level of capabilities?
Are you asking about remote imaging, or collecting triage (not a full image) data?
I'm looking for Windows-based and ideally able to support full remote imaging of all major OSes.

Don't have an upper dollar limit for the right tool that allows me to remotely collect an image and have a full analysis suite.

What software do you recommend @keydet89?
Remote Acquisition in Belkasoft Evidence Center (BEC) will help you do precisely what you just described. BEC provides an agent that you can deploy on the target computer and all that. BEC, with the Remote Acquisition module installed, is a forensics suite with remote collection capabilities.
Good Morning,
EnCase Forensic / EndPoint Investigator has direct agent functionality; the agent gets deployed directly to the endpoint to allow for preview and acquisition of content on that computer. The evidence file format is EX01, E01, LX01 or L01.
The agent has the ability to be deployed to both Windows and Mac (including Macs that have the T2 security chip).
Regards
F-Response and open source software for parsing, correlation and display.
Analysts do analysis, not software.
Passmark's OSForensics allows for remote forensic imaging of network attached devices and folders assuming one has admin rights. OSForensics is also a full analysis suite.
I am not sure if OSForensics can image Mac OSX or Linux OSX computers remotely - you would need to ask Passmark or test this yourself.
OSForensics also has built-in web capture capabilities, and now version 8 added Google Drive and Gmail capture capabilities.
(NOTE: I have no professional affiliation with Passmark, but I do use OSForensics on many of our cases).
Let us not forget about Forensic Explorer (FEX). This is a very nice program which not only can acquire data and create industry-standard .E01 files through the network, but also will live boot the system once you have an acquired image file, as well as forensically view the files, and has a built-in reporting system.

Very handy to have.
AccessData's Forensic Toolkit Enterprise platform has remote collection from Windows, Mac, and Linux machines over a network. Full disk image, selected files, partitions... memory... whatever you want.
You can set schedules with the acquisition to minimize impact on the target machine and the network.
You can collect and analyze in one tool.
Take a look at Rocket by Digital DNA Group - www.digitaldnagroup.com