Computer Forensics

  • Computer Forensics

    My primary job is computer forensics on a rather large network (over 20,000 nodes).

    I have the following needs (and maybe some already exist).

    1. I have ISO, IMG, BIN, E0, E1, FTK, etc. types of files, and often they are hundreds of gigs for an individual file, and in the case of some logs, an individual text file may be over 1 TB.

    I often need to copy these files from remote locations (slower network connection) to a local hard drive for me to take down into a lab (layer 1 isolated), and sometimes just copy from/to a local server with a remote server.

    The problem is, it copies from server 1 to the machine BC is running on, then to the destination server. It would be ideal if we can get the servers to communicate directly with each other and forget the middle man computer.

    Novell uses the Server Consolidation utility on their servers, and Microsoft has an equivalent, and I believe Linux does as well.

    2. Additional columns such as Creation, Modified, and Last accessed dates and other metadata comparisons.

    3. In addition to file attributes, there are file system attributes. For example, on a Novell NSS file system, a file may have a "Delete Inhibit" flag set on it which won't exist on an NTFS file system. NTFS will have Alternate Data Streams, and the various Mac OSes will include Forks. These deltas should be shown or at least should be included in the compare options.

  • #2

    1. Our copy method uses the same base copy method as Windows Explorer. If these protocols hook in and allow this method of direct transfer in Windows Explorer, then it's possible BC4 would as well, or if Microsoft upgrades their copy functionality to perform this style of transfer. The Novell solution appears to be a full hard drive transfer migration rather than allowing a selection of files/folders, which would work for our Copy method.

    2. Expanding and enhancing our timestamp support is on the wishlist. We can currently copy/set and display Last Modified, while also copying Creation date.

    3. Adding support for NTFS Alternate data streams and OSX forks is also on our wishlist, although it is unlikely we'll be able to tackle Novell NSS.

    Our wishlist is not currently scheduled development, but a place our developers go for ideas of future features and enhancements.
    Aaron P Scooter Software
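
The metadata comparison discussed in this thread can be done outside the copy tool when evidence files are moved between servers. The following is an added example, not part of either post and not Beyond Compare code: it hashes files in chunks and compares content, last-modified and last-accessed times between a source and destination tree. The function names and sample files are constructed for illustration; creation time, NTFS Alternate Data Streams, forks and NSS flags are platform-specific and are not covered.

```python
import hashlib
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # read 1 MiB at a time so very large images are never loaded whole

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def snapshot(root):  # relative path -> content hash and timestamps (nanoseconds)
    files = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            st = path.stat()  # stat before hashing: reading the file can update atime
            files[path.relative_to(root).as_posix()] = {
                "sha256": sha256_file(path),
                "mtime": st.st_mtime_ns, "atime": st.st_atime_ns}
    return files

def compare(src, dst):  # sorted (relative path, finding) tuples; empty means a match
    a, b = snapshot(src), snapshot(dst)
    findings = []
    for rel in sorted(a.keys() | b.keys()):
        if rel not in b:
            findings.append((rel, "missing in destination"))
        elif rel not in a:
            findings.append((rel, "only in destination"))
        elif a[rel] != b[rel]:
            fields = [k for k in a[rel] if a[rel][k] != b[rel][k]]
            findings.append((rel, "differs: " + ",".join(fields)))
    return findings

def demo():  # constructed trees: one mtime drift, one altered file, one missing file
    t0 = 1_600_000_000 * 10**9  # constructed timestamp
    trees = {"src": {"a.img": (b"AAAA", t0), "b.log": (b"log1", t0), "c.bin": (b"CC", t0), "d.E01": (b"ok", t0)},
             "dst": {"a.img": (b"AAAA", t0), "b.log": (b"log1", t0 + 10**9), "c.bin": (b"CX", t0)}}
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in trees.items():
            os.mkdir(os.path.join(tmp, tree))
            for name, (data, mtime) in files.items():
                path = os.path.join(tmp, tree, name)
                Path(path).write_bytes(data)
                os.utime(path, ns=(t0, mtime))  # (atime, mtime)
        return compare(os.path.join(tmp, "src"), os.path.join(tmp, "dst"))
```

Run `compare()` against read-only mounts where possible, since reading a file to hash it can change its last-accessed time on the source.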