What would be the best method of grabbing an image off a VPS (Virtual Private Server) and doing analysis on itself.
Obviously I cannot download the image since it's too large, so I have time to do the investigation on the system it self. It runs on a windows server, but I would like to know a quick method of grabbing some sort of image and doing analysis on it.
My main target is browser history, so that means knowing what's there and what was deleted. Everything else such as media and stuff can be put to last.
Anyone know of a free software that can make my task easy.
Also, can FTK Imager grab a small sized image, if so how can this be done?
Which VPS software is used, VMWare ESX/ESXi?
If so, this may help
It may also be possible to directly download the disk image through ESX(i) VCenter, i cant remember. Not sure how well it works with images that use provisioning.
Make sure to grab any snapshots since they can contain valuable evidence.