Remote Forensics Acquisition
Obviously, using remote forensics gives you the ability to remotely acquire data from multiple hosts and view this in your local location as a share, for example.
Now I have looked at a few options for remote acquisition, and the one I like is the F-Response tool
https://www.f-response.com/software/univ It is fairly priced as well for the tasks it does.
Also, I know Paraben do a good solution for remote forensics as well, but it is double the price.
My question is really: does anyone know of any other options? Also, a company informed me that they use open source tools for remote acquisition; are there any recommended free tools for this?
We have the EnCase Forensic version currently. If you upgraded to the EnCase Enterprise version and used the remote acquisition tool within this software, is it any good?
Thanks for any help,
Full disclosure: I work for Guidance Software.
Since you already have EnCase Forensic, you could try the "Direct Network Preview" tool. You can perform remote forensics on one endpoint at a time.
I wrote a blog post on this a while back describing how to use it.
It allows remote preview, full disk or logical acquisition, as well as volatile data capture (running processes, open ports, live RAM dump, etc.). Hope this helps.
Thanks for the response.
The problem with the "Direct Network Preview" is, although it works well, don't you have to get the user to install the installer onto their laptop? I can't do that remotely?
If I am investigating someone, I can't ask them to install the installer. Maybe I am wrong here?
Thanks for your help,
David, you mentioned EnCase needs to set up an installer, but I assume every piece of software needs to be run on the suspect's computer.
You need some kind of access/rights to push a servlet. Same problem with F-Response or any other piece of software.