Remote Forensics

The term Remote Forensics (also identified as Network Forensics or Online Forensics by some companies) covers a broad variety of forensic approaches, but is used mostly to refer to performing computer and digital forensics remotely in an enterprise environment.  It is the collection, examination, and reporting of digital evidence from a connected, operating computer on a live network. 

 

Remote Forensics is not just network packet capture and analysis.  For these types of tools, please see the Network Forensic Tools category.

 

The primary benefit of Remote Forensics tools is response capability: they give Incident Response teams a way to evaluate a potentially compromised computer without the delay of gaining physical access to it.  Running a close second is the ability to capture volatile data that is no longer available once a computer is shut down, including:

  • Data in memory, such as registers and cache contents
  • Running processes
  • Any passwords that are stored in memory as clear text
  • Executed console commands
  • Currently attached devices, especially networked drives
  • Open ports and listening applications
  • Logged on users

Usually the investigation can be performed without the knowledge of the computer owner, allowing for discreet internal investigations.

 

Most Remote Forensic tools use a servlet, a piece of software installed on each computer that allows a Forensics Investigator or Incident Responder to access and analyze a computer over the network. 

 

Be sure to investigate any solution you choose to ensure it meets your requirements for collecting valid and verifiable evidence and documentation that will be accepted in a court of law.
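One way to make collected volatile data verifiable, shown as an added example that is not part of the original page or of any tool in this category: each artifact is hashed at collection time and checked again later. The command set assumes a Linux host, and `collect`, `seal` and `verify` are hypothetical names chosen for this sketch.

```python
import hashlib, json, shutil, subprocess
from datetime import datetime, timezone

# Assumed Linux commands for four of the volatile items listed above.
COLLECTORS = {
    "running_processes": ["ps", "-eo", "pid,ppid,user,lstart,args"],
    "logged_on_users": ["who", "-a"],
    "open_ports": ["ss", "-tulpn"],
    "attached_devices": ["mount"],
}

def _sha256(data):
    return hashlib.sha256(data).hexdigest()

def collect(collectors=COLLECTORS):
    """Run each collector once; record a failure as the artifact instead of stopping."""
    out = {}
    for name, argv in collectors.items():
        if shutil.which(argv[0]) is None:
            out[name] = b"ERROR: command not found: " + argv[0].encode()
            continue
        try:
            done = subprocess.run(argv, capture_output=True, timeout=30)
            out[name] = done.stdout + done.stderr
        except (OSError, subprocess.TimeoutExpired) as exc:
            out[name] = f"ERROR: {exc}".encode()
    return out

def seal(artifacts, examiner, host):
    """Manifest with a SHA-256 per artifact and one digest over the manifest body."""
    body = {"host": host, "examiner": examiner,
            "collected_utc": datetime.now(timezone.utc).isoformat(),
            "sha256": {n: _sha256(d) for n, d in artifacts.items()}}
    # Record manifest_sha256 in the case notes, away from the evidence itself.
    digest = _sha256(json.dumps(body, sort_keys=True).encode())
    return {**body, "manifest_sha256": digest}

def verify(artifacts, manifest):
    """Return names that are missing, added or altered; an empty list means intact."""
    body = {k: v for k, v in manifest.items() if k != "manifest_sha256"}
    if _sha256(json.dumps(body, sort_keys=True).encode()) != manifest.get("manifest_sha256"):
        return ["<manifest>"]
    want = body["sha256"]
    bad = [n for n in want if n not in artifacts or _sha256(artifacts[n]) != want[n]]
    return sorted(bad + [n for n in artifacts if n not in want])

if __name__ == "__main__":
    evidence = collect()
    print(json.dumps(seal(evidence, "examiner-placeholder", "host-placeholder"), indent=2))
```

Running collectors on a live host changes some of the state being examined, so the manifest should be kept with a record of exactly which commands were run and when.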

 

Other information about Remote Forensics: