
Remote Forensics

 

The term Remote Forensics (also identified as Network Forensics or Online Forensics by some companies) covers a broad variety of forensic approaches, but is used mostly to refer to performing computer and digital forensics remotely in an enterprise environment.  It is the collection, examination, and reporting of digital evidence from a connected, operating computer on a live network. 

 

Remote Forensics is not just network packet capture and analysis.  For these types of tools, please see the Network Forensic Tools category.

 

The primary benefit of Remote Forensics tools is response capability: they give Incident Response teams a way to evaluate a potentially compromised computer without the time needed to gain physical access to it. Running a close second is the ability to capture volatile data that is not available once a computer is shut down, including:

  • Data in memory, such as registers and cache contents
  • Running processes
  • Any passwords that are stored in memory as clear text
  • Executed console commands
  • Currently attached devices, especially networked drives
  • Open ports and listening applications
  • Logged on users

Usually the investigation can be performed without the knowledge of the computer owner, allowing for discreet internal investigations.

 

Most Remote Forensic tools use a servlet, a piece of software installed on each computer that allows a Forensics Investigator or Incident Responder to access and analyze a computer over the network. 

 

Be sure to investigate any solution you choose to ensure it meets your requirements for collection of valid and verifiable evidence and documentation for acceptance in a court of law.

 

Other information about Remote Forensics:

 


EnCase Enterprise Edition is a revolutionary solution providing a platform for comprehensive enterprise wide incident response, information auditing and forensic discovery. Leveraging the powerful functionality of Guidance Software's flagship product, EnC ...

Vendor: Guidance Software, Inc.
Pricing Model: Commercial
Modified


GEM allows customers to execute malware discovery across their enterprise to root out malicious code infiltration and use. GEM is simple to use, investigators can quickly target systems for investigation, simultaneously launch the discovery agent and perf ...

Vendor: WetStone Technologies
Pricing Model: Commercial
Modified: Never


Paraben's Enterprise is a collection of products that allow for remote digital forensic investigations of computers, allowing for remote collection and control over your enterprise. The solutions range from simple screen capture and active memory acquisit ...

Vendor: Paraben Corporation
Pricing Model: Commercial
Modified


OnLineDFS enables a rapid but forensically sound determination about whether an issue exists in a computer so that quick action can be taken to address the situation. Since OnLineDFS enables non-disruptive but forensically-sound examination and informatio ...

Vendor: Cyber Security Technologies Corp.
Pricing Model: Commercial
Modified


AccessData® Enterprise provides network-enabled digital investigations, built on AccessData's court-validated Forensic Toolkit® technology, AD Enterprise delivers remote incident response capabilities, deep dive analysis of both volatile and static data, ...

Vendor: AccessData
Pricing Model: Commercial
Modified: Never


F-Response is a vendor neutral, patented software utility that enables an investigator to conduct live forensics, Data Recovery, and eDiscovery over an IP network using their tool(s) of choice. F-Response is not another analysis tool. F-Response is a util ...

Vendor: F-Response
Pricing Model: Commercial
Modified: Never


The Remote Forensics architecture allows companies to reduce their investigation budgets and enable analysts to work more productively by providing a fast, secure and effective incident response framework that enforces a consistent methodology allowing an ...

Vendor: Evidence Talks
Pricing Model: Commercial
Modified: Never

GRR


GRR is an Incident Response Framework focused on Remote Live Forensics. State of the Project August 2011 GRR is in proof of concept stage and is not considered production-ready. The basic principles have been proven, but there is significant work to be d ...

Vendor: Collaboration of developers
Pricing Model: Open Source
Modified


ProDiscover Incident Response Edition software is a proactive, reactive, and interactive computer forensic investigation and information security tool. It enables investigators to quickly and thoroughly examine a live computer operating anywhere on a netw ...

Vendor: The ARC Group of NY
Pricing Model: Commercial
Modified


Intelligent Response searches for forensic artifacts left behind by attacker activity. These Indicators of Compromise are captured in the XML-based OpenIOC format, which the MIR appliance can efficiently sweep for across 10s of thousands of hosts, using a ...

Vendor: MANDIANT Corporation
Pricing Model: Commercial
Modified: Never


Helix3 Enterprise is a cyber security solution integrated into your network giving you visibility across your entire infrastructure revealing malicious activities such as Internet abuse, data sharing and harassment. H3E also allows you to isolate and respo ...

Vendor: e-fense
Pricing Model: Commercial
Modified: Never

AD eDiscovery


AD eDiscovery is AccessData’s holistic e-discovery product that integrates a collection of early case assessment features with the advanced final review functionality of Summation. It covers the entire e-discovery lifecycle from Litigation Hold to Final R ...

Vendor: Access Data
Pricing Model: Commercial
Modified