I am almost finished creating a live data collection forensic CD, but I've noticed it is slow (20 minutes when it should be 3-5 minutes) when running on computers that are not logged in as administrator. I could use PsExec or runas or something to log in as administrator, but I have a concern that this may alter important information on the computer. The question I have is, what is the best policy when creating a forensic boot disk? Is it best to wait for the information or have the CD log in as local administrator to collect information in a timely fashion before shutting down? I do have the local admin password so that is not an issue. I am talking about Windows boxes.
Thanks,
Matt