Streamline Your Digital Investigations

Discussions related to Forensic Focus webinars. Please use the appropriate topic for each webinar.

Streamline Your Digital Investigations

Post Posted: Mon Jan 16, 2017 9:59 am

Please use this topic for discussion of the webinar

Streamline Your Digital Investigations

Presenter: Richard Frawley, ADF Solutions


Senior Editor, Forensic Focus
Web: www.forensicfocus.com
Twitter: twitter.com/ForensicFocus
Facebook: www.facebook.com/forensicfocus

scar
Forensic Focus

Re: Streamline Your Digital Investigations

Post Posted: Mon Jan 16, 2017 11:00 am

- scar
Please use this topic for discussion of the webinar

Streamline Your Digital Investigations

Presenter: Richard Frawley, ADF Solutions


When performing a boot scan, what live distribution is used to run your tools? What measures were taken to disable the automatic mounting of file systems? What measures were taken to disable the automatic code execution from a suspect drive? Is there a software write blocker present?

thefuf
Senior Member

    Re: Streamline Your Digital Investigations

    Post Posted: Wed Jan 18, 2017 3:58 pm

    Thank you for your interest in our tools. The operating system used on our Collection Key during a boot scan is forensically sound. It does not automatically mount volumes or allow automatic code execution. We prefer to not discuss technical specifics within a public forum but are happy to assist our customers with this information or others in a private non-disclosure situation.

    PC4N6
    Newbie

      Re: Streamline Your Digital Investigations

      Post Posted: Wed Jan 18, 2017 6:19 pm

      - PC4N6
      Thank you for your interest in our tools. The operating system used on our Collection Key during a boot scan is forensically sound. It does not automatically mount volumes or allow automatic code execution. We prefer to not discuss technical specifics within a public forum but are happy to assist our customers with this information or others in a private non-disclosure situation.


      Thank you for the reply! I am not interested in your tools anymore.

      thefuf
      Senior Member

        Re: Streamline Your Digital Investigations

        Post Posted: Wed Jan 18, 2017 7:05 pm

        - thefuf
        - PC4N6
        Thank you for your interest in our tools. The operating system used on our Collection Key during a boot scan is forensically sound. It does not automatically mount volumes or allow automatic code execution. We prefer to not discuss technical specifics within a public forum but are happy to assist our customers with this information or others in a private non-disclosure situation.


        Thank you for the reply! I am not interested in your tools anymore.

        @thefuf
        WHY? <- Rhetorical questionWink

        @PC4N6
        Only out of curiosity (and of course only if you can actually disclose this kind of info publicly), what is the plan when (hypothetically) one of your users is standing on the (expert) witness stand (under oath) and is asked how the tool he/she used works?

        Just for the record, I was almost flamed for expressing a similar doubt a few years ago:
        www.forensicfocus.com/...ic/t=2488/


        jaclaz


        - In theory there is no difference between theory and practice, but in practice there is. - 

        jaclaz
        Senior Member
          Page 1 of 1




          ± Forensic Focus Partners

          ± Your Account



          Site Members:

          New Today: 1 Overall: 33061
          New Yesterday: 3 Visitors: 183

          ± Follow Forensic Focus

          Forensic Focus Facebook Page Forensic Focus on Twitter Forensic Focus LinkedIn Group Forensic Focus YouTube Channel

          RSS feeds: News Forums Articles

          ± Latest Articles

          ± Latest Webinars


          Build a Mobile Site
          View Site in Mobile | Classic
          Share by: