Re: P2V - Live Forensics
Feb 17 2011 10:55PM
synja synfulvisions com
I have had to do this in the past.
I simply added a firewall rule that dropped her traffic, and brought the laptop back to my office for "service." Once the drive was imaged, I erased the rule and made up a story about a network driver update for her model causing the problem.
This is of course a matter of how competent the user is.
From: solefarmer (at) gmail (dot) com [email concealed]
Sender: listbounce (at) securityfocus (dot) com [email concealed]
To: forensics (at) securityfocus (dot) com [email concealed]
Subject: P2V - Live Forensics
Sent: Feb 15, 2011 10:13 AM
Ladies, Gentlemen, and otherwise:
I have a situation whereby I need to obtain an image of an individual's laptop suitable for potential prosecution in a US court; however, I only have a limited window in which to grab the image, and was looking for alternatives in order to not "spook" the poor guy or his co-workers who would no doubt tell him about me, as I go into his office and randomly image his drive!
I thought about using P2V (Physical to Virtual), but realize that such software does make some steps to alter the system and thus may have court challenges. Is there a possibility such could be explained in court, or perhaps an MD5 hash of his files (not the disk image) taken while online and then compared to a virtual image of sorts?
Please advise, and I'm thinking of sending the winning submission a beer or two or some other minor token of appreciation.
Sent via BlackBerry by AT&T
Copyright 2010, SecurityFocus