Can anyone tell me how "forensically different" xxcopy is compared to robocopy?
I've always used xxcopy in lieue of robocopy, but now that I'm having to do forensic-ish stuff, I'm a little paranoid about it being "as good" as robocopy (which seems to have a solid reputation amongst forensic types) in saving file attributes, metadata, and full paths of data when collecting.
Any advice here?
(Yes, I know that both of these tools are not technically 'open source', but I put them here because they are 'free', and many people assume that free = open source)
Looks like i might have found my answer in
xxcopy c z /s /h /tea /tec /tew
robocopy c z /s
Personally, I like xxcopy WAY better for what I've done in the past (i.e. mass migrate files from one server to another). Once I started using it, I never looked at robocopy again. (But maybe I should…?)
I think you need both in your tool kit as well as a few others. XXCopy is probably the fastest copy tool and it does have scripting but it lacks solid reporting capabilities. I like Evidence Mover which is actually my favorite as it has the speed, MD5 hashing and decent reporting (but it lacks scripting.) If you want good reporting try SafeCopy2 which offers both the SafeCopy engine and RoboCopy along with hashing. Want great reporting and forensically sound copy and extraction? Check out FileAnalyst from LitQuest.
I currently use XXCopy, RoboCopy, Evidence Mover and FileAnalyst to cover most of my copy tasks.
Thanks for the tip.
Hadn't heard of
So, I worked on learning the robocopy syntax and I finally was able to gather all the eDiscovery ext and save them to my external drive.
For those who are interested in knowing the syntax I used here it is
"G" is the source drive and Forensic Maxtor is my external drive.
C\>Robocopy G\ *.DOC* *.XLS* *.PPT* *.TIFF* *.TIF* *.PDF* *.PST* *.ZIP* /COPYDAT /Z /S /LOGDATA /TEE \\FORENSIC\MAXTOR\
It worked perfectly!!
I discovered the log file will default from whatever drive your running RoboCopy from.
Genevieve Turner, EnCE