[SATLUG] Forensic disk backup services in San Antonio/Universal
dondavis at reglue.org
Sun Feb 7 16:29:23 CST 2016
There is no overarching Digital Forensics board - there are multiple
groups that offer certification of some sort or another.
Basically what you're looking for is someone with a Private
Investigator's license who can dd a drive and maintain "chain of
custody." dd makes raw files, those are the most common. ewf, aff,
encase and others are others possibilities. Basically, they need
something that captures the slack space for removed "deleted" files and
.lnk prefetch files.
Please do share what you eventually decide on.
On 02/07/2016 04:09 PM, Joe wrote:
> I should mention, to get the download, you don't have to go through a
> registration process but the software is free. I used a burner address,
> and said my name was Sam Juan ;) but after that initial hassle, I've used
> the software a few times without any problems.
> On Feb 7, 2016 9:20 AM, "Joe" <null.div.zero at gmail.com> wrote:
>> I work for an oil & gas company, they're always suing each other. They
>> recently hired an outside firm to do a document grab. They used ftk
>> imager. https://en.m.wikipedia.org/wiki/Forensic_Toolkit
>> It's pretty good, it runs as the local system account on Windows; so it
>> gets deleted files, and files you don't have permissions for. Not sure if
>> they make a Linux version. Also, "chain of custody" may be an issue for
>> them. It basically removes your liability for the data, should anything
>> be missing, or get lost during shipping etc. Good luck.
>> On Feb 6, 2016 5:18 PM, "Brad Knowles" <brad at shub-internet.org> wrote:
>>> I have a family member who is being told that they need to get a
>>> certified backup made of their computer systems, which may be presented in
>>> court as evidence.
>>> I found the “San Antonio Computer Doctor” (see <
>>> http://sacdr.com/forensics.html>), who split off their forensics work
>>> into "EXHIBIT A: Computer Forensic Investigations” (see <
>>> http://www.exhibitacfi.com/ExhibitA-Computer-Forensics.html>), but I was
>>> wondering if anyone had any personal experience with these types of
>>> services, or knew of any that they could recommend?
>>> Brad Knowles <brad at shub-internet.org>
>>> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
>>> SATLUG mailing list
>>> SATLUG at satlug.org
>>> http://alamo.satlug.org/mailman/listinfo/satlug to manage/unsubscribe
>>> Powered by Rackspace (www.rackspace.com)
More information about the SATLUG