Incident Recovery


savanted1

New Member
Nov 4, 2004
33
0
#1
Dear Forum,

When handling an incident recovery project, is it feasible to use the machine that's analyzing the machine in question to have nothing else on it but incident recovery evidence? I realize that this may be a no-brainer to some of us here in the forum, but some of us are new and are still trying to learn from mentors properly.

Regards,
 
Sep 2, 2004
70
6
#2
Savanted1,

When handling an incident recovery project, is it feasible to use the machine that's analyzing the machine in question to have nothing else on it but incident recovery evidence?
Perhaps your question is a bit too general. Can you clarify it a bit?

H. Carvey
"Windows Forensics and Incident Recovery"
 
Anonymous

Guest
#3
I may be wrong, but I think what Savanted1 was getting at is this:

Should you have a dedicated machine to analyze forensic data? Can you use it for other functions (word processing, etc), or would it be best to have a "clean" computer to use for forensics analysis?

Cheers!
 
Anonymous

Guest
#4
Hi,

A dedicated machine solely for analysis/acquisition is a good idea... in terms of software this is the examiner's choice. I have all my forensic tools as well as MS products etc...

What I do not have and I think it is important to mention is an Internet connection.

Hope this helps.
 

arch17c7

New Member
Apr 12, 2005
6
0
#5
I think it might be preferable NOT to have an Internet connection on your data acquisition computer. Another freestanding workstation nearby could be OK, but any net connection on that acquisition computer could lead to questions in cross-examination that would be uncomfortable, to say the least.
 
