Pro-active? No idea. When we have to collect evidence, we do the following: 1. Confiscate the hardware.2. Make copies.3. Run discovery software. If you can, do this on the copy you made, not the original. The software we use is OSForensics, the free edition. I'm sure there are some much beefier programs out there. Also useful (for us in particular) is the BrowsingHistoryView from NirSoft. It allows you to quickly create a view of all browsing history on a computer broken down by user, which is often what we need to investigate.
--Matt Ross Ephrata School District John Bonner <[email protected]> , 4/29/2014 8:44 PM: Hello, I am looking for some recommendations on forensics recovery software. I (the company really) am willing to throw some $$$ at it as well. We often (not always) have proprietary / patentable information exposed to us by our clients and looking for a way to handle a situation should it arise with an employee. I am interested in two things. Postumous recovery. Deleted files / browser cache / history to see what sites were visited / recover deleted files and such.Pro-active monitoring that we could incorporate into our base install. Something that runs unbeknownst and perhaps when files are "deleted" really are moved to a secret partition or along those lines. I personally have used r-tools and have been pleased with the results but I think the execs are looking for a more enterprise grade product. Thank You for your thoughts / recommendations JB
