Forensics
Re: Re: P2V - Live Forensics Feb 21 2011 06:55AM
paul ha cked net
I have had a very similar case.
If your network is fast enough I would suggest you do a live image using psexec, dd, netcat, and md5sum.

Obtain a shell on her box using psexec (use a domain admin account), mount a remote samba share under the context of that user, and then dd the PhysicalDisk as normal to the remote share.

This way the user will never know that you were even on their PC, and you don't need to take the laptop away. It is by far the cleanest and most stealthy approach.

On a gig network it is possible to image a 250gig laptop drive in about 6 hours.
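Added example, not part of the original post: the post lists md5sum among the tools without showing where it fits, so this sketch hashes the dd stream while it is written and then re-hashes the stored image against that value. It assumes the source of a running machine keeps changing, so the hash taken in flight is the reference rather than a later re-read of the disk; the function names are hypothetical, and a constructed temp file stands in for the physical disk and the remote share.

```shell
#!/bin/sh
# Added example: hash a dd image in flight, then verify the stored copy.
# acquire/verify are hypothetical helper names, not from the post.

# acquire SRC DEST: copy SRC to DEST and print the MD5 of the bytes read.
acquire() {
    acq_src=$1
    acq_dest=$2
    # tee writes the image while md5sum sees the identical byte stream,
    # so the source is read exactly once.
    dd if="$acq_src" bs=1048576 2>/dev/null \
        | tee "$acq_dest" \
        | md5sum \
        | cut -d' ' -f1
}

# verify DEST EXPECTED: succeed only if the stored image still hashes
# to the value recorded during acquisition.
verify() {
    ver_actual=$(md5sum "$1" | cut -d' ' -f1)
    [ "$ver_actual" = "$2" ]
}

# Demo on constructed data (stand-in for the disk and the share).
demo_dir=$(mktemp -d)
printf 'constructed sample standing in for a disk\n' > "$demo_dir/disk.bin"

demo_hash=$(acquire "$demo_dir/disk.bin" "$demo_dir/image.dd")
echo "acquisition md5: $demo_hash"

if verify "$demo_dir/image.dd" "$demo_hash"; then
    echo "stored image matches acquisition hash"
else
    echo "MISMATCH: stored image differs from acquired stream"
fi

rm -rf "$demo_dir"
```

Record the acquisition hash in the case notes at the time of imaging; every later copy of the image is checked against it with `verify`.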

Copyright 2010, SecurityFocus