Notifications

Clear all

Secure collection of web-based evidence

General (Technical, Procedural, Software, Hardware etc.)

Last Post by douglasbrush 15 years ago

4 Posts

4 Users

0 Reactions

370 Views

RSS

research1

(@research1)

Estimable Member

Joined: 17 years ago

Posts: 165

Topic starter 05/04/2010 5:44 pm

Does anyone use any standard methodologies or pieces of software which capture an entire online website, to be available offline, in a forensic manner?
Not just the actual page, but all html files on that site.

Regards

Quote

rwuiuc

(@rwuiuc)

Eminent Member

Joined: 19 years ago

Posts: 24

05/04/2010 11:02 pm

I have used the following protocol

1. Clean system

2. HTTrack ( grabs entire site) or wget or other web collection apps
http//www.httrack.com/

3.Video and image Capture of the session

4. Possibly a pcap\wireshark capture of the session

5. Hash individually collected pages, files, supporting data such as images\video and pcap

6. Copy original evidence into some sort of encrypted archive

7. Create a working copy of the original evidence

ReplyQuote

RavAlert

(@ravalert)

Eminent Member

Joined: 20 years ago

Posts: 21

07/04/2010 12:54 pm

i used teleport pro too.

ReplyQuote

douglasbrush

(@douglasbrush)

Prominent Member

Joined: 16 years ago

Posts: 812

07/04/2010 4:53 pm

Check out WebCase. Todd Shipley was on the 02-07-10 CyberSpeak and gave a bit of an overview.

http//cyberspeak.libsyn.com/cyber_speak_february_7_2010

http//veresoftware.com/

ReplyQuote

Forum Jump:

Previous Topic

Next Topic

Currently viewing this topic 1 guest.

8 Forums
15.7 K Topics
92.3 K Posts
212 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed