Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Forensic Downloads
· Forensics Feedback
· Forums
· Members List
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: williamlucas
New Today: 0
New Yesterday: 0
Overall: 29661

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 Software to search an FTK Lite Mounted drive with keyword
 How much can be found?
 Computer Forensic in responding to Data Breach issues
 A bunch of numbers about digital evidences collection
 Computer forensic issue

Computer Forensics World Forums


Pages Served
We received
59554516
page views since August 2004

Security Sources

FTC
OnGuard Online
ISO 17799 ISO 27001
ISO 27000 Toolkit
ISO 27001 & 27000
Cryptography
Security Policies

Computer Forensics World: Forums

Computer Forensics World :: View topic - Remote connections during Live Analysis
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Remote connections during Live Analysis

 
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Technical Issues
View previous topic :: View next topic  
Author Message
shru3
Newbie
Newbie


Joined: Oct 22, 2014
Posts: 1

PostPosted: Thu Oct 23, 2014 4:44 am    Post subject: Remote connections during Live Analysis Reply with quote

I'm using two text books (Real Digital Forensics and Windows Forensics by Harlan Carvey). They both mention that when performing live analysis, the following tools can be used to get remote connections and files opened currently.

Users Logged On:

a. PsLoggedOn - users logged on locally and visa resource shares (currently).
b. net sessions - remote users, ip address, client logonsessions - all active logon sessions
c. NetUsers : tool that shows all local users that are currently logged in and logged into the computer in the past.


Open Files:

a. net files
b. psfiles
c. openfiles

However, when I test it with Chrome Remote Desktop, I don't see the user logged on nor do I see the files opened remotely. Any idea how remote connections with Chrome can be seen during Live Analysis?

Also, documentation of PsFiles says that it shows files opened remotely and locally but when I test it with open files, it doesn't show files that are opened locally. Any insight?

Thanks!
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Technical Issues All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.10 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

TMs property of their respective owner. Comments property of posters. 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted phpnuke.org (c)2003, and is free under licence agreement. All Rights Are Reserved.