I agree.  Guidance EnCase is pretty much the standard used by LE, etc.  I
would stick to that if money is not a major issue; it's something that will
be understood by any forensic investigator and is widely used in courts. It
will preserve data in a forensically valid, court-vetted format.  Helpful in
chain of custody issues, etc.  If it's a serious crime that you plan on
taking to court, I would not mess around with the various (and plenty
decent) tools out there; I would stick to the standard.

 

Also, if it's a serious crime, I would recommend getting a good forensic
guy.  I could provide recommendations offlist if you like. 

 

Alex

 

 

From: [email protected] On Behalf Of Andrew S. Baker
Sent: Wednesday, April 30, 2014 1:23 PM
To: ntsysadm
Subject: Re: [NTSysADM] Forensic Software Undelete / Recovery

 

One of the premier products in this category:
https://www.guidancesoftware.com/products/Pages/encase-enterprise/overview.aspx

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market.

 

 

On Tue, Apr 29, 2014 at 11:42 PM, John Bonner <[email protected]> wrote:

Hello,
 
I am looking for some recommendations on forensics recovery software. I (the
company really) am willing to throw some $$$ at it as well. We often (not
always) have proprietary / patentable information exposed to us by our
clients and are looking for a way to handle a situation should it arise with an
employee.
 
I am interested in two things.
 

1.      Posthumous recovery. Deleted files / browser cache / history to see
what sites were visited / recover deleted files and such.
2.      Pro-active monitoring that we could incorporate into our base
install. Something that runs unbeknownst and perhaps when files are
"deleted" they really are moved to a secret partition or along those lines.

 
I personally have used r-tools and have been pleased with the results but I
think the execs are looking for a more enterprise grade product.
 
Thank You for your thoughts / recommendations
 
JB

 

