I have had a very similar case.
If your network is fast enough i would suggest you do a live image using psexec, dd, netcat, and md5sum.
Obtain a shell on her box using psexec (use a domain admin account), mount a remote samba share under the context of that user, and then dd the PhysicalDisk as no...
If your network is fast enough i would suggest you do a live image using psexec, dd, netcat, and md5sum.
Obtain a shell on her box using psexec (use a domain admin account), mount a remote samba share under the context of that user, and then dd the PhysicalDisk as no...
[ more ]