Working for a counter surveillance company, could use some ideas

By DownRightTired
Yesterday I started working part time with an ex-mob muscle man who has gone legit and started a counter surveillance / P.I. company (pretty fun stuff!)

I was hoping you guys could give me some ideas on techniques to use, as I'll be doing anything involved with computers.

One thing they would like to do is copy over a client's hard drive so it can be analyzed in depth later. What would be the easiest/quickest way to do this?

I considered ghosting but then I run into the problem of restoring it on a different computer.

The object would be able to have access to all the files in order to analyze them. Would it be a better idea to buy a HD duplicator and then use Linux to access the files?

I was also hoping for some recommendations on software that could be easily run from a jump drive to search for any kind of key loggers or spyware that may be running.

I know how to do all these things but was hoping the Republic might have some better or more efficient ideas. :)

I can't help but ask what part in all this is played by ...

by OldER Mycroft In reply to Working for a counter sur ...

"Meat-Axe George" ??

Your approach is 'softly softly'.

What does he do ?

This is going to require

by cmiller5400 In reply to Working for a counter sur ...

This is going to require some specialty tools. It is probably going to be in your best interest to read up on forensics and chain of evidence. You may even want to speak with an attorney to find out what the laws are in your state. If you find illegal content, you must report it...

Basically you want to create an exact bit for bit copy of the original hdd then lock the original up. This "master copy" would be the copy from which you would make all working copies from.

Disclaimer: I don't know a lot about this subject. Only that I would leave it to professionals.
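An added example, not part of any post in this thread: one way to script the "bit for bit master copy, then working copies" workflow described above, with hash verification and a custody log line. It assumes GNU coreutils (`dd`, `sha256sum`) and a source attached through a write blocker; the file names `master.dd`, `working.dd` and `acquisition.log` and the usage paths are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): image a source, verify it, derive a working copy.
# Assumes GNU coreutils. SOURCE should sit behind a hardware write blocker.

sha256_of() { h=$(sha256sum < "$1") || return 1; echo "${h%% *}"; }

# acquire_image SOURCE CASE_DIR  -> prints the verified SHA-256 on stdout
acquire_image() {
    src=$1; case_dir=$2
    master="$case_dir/master.dd"
    work="$case_dir/working.dd"
    log="$case_dir/acquisition.log"

    mkdir -p "$case_dir" || return 1
    # Never overwrite an existing master: it is the reference for every later copy.
    if [ -e "$master" ]; then
        echo "refusing to overwrite $master" >&2
        return 1
    fi

    # Hash the source first, then copy every block. No conv=noerror,sync here:
    # a read error aborts the run instead of silently padding the image.
    src_hash=$(sha256_of "$src") || return 1
    dd if="$src" of="$master" bs=1M status=none || return 1
    chmod 0444 "$master"

    img_hash=$(sha256_of "$master") || return 1
    if [ "$src_hash" != "$img_hash" ]; then
        echo "hash mismatch: source=$src_hash image=$img_hash" >&2
        return 1
    fi

    # Analysis happens on the working copy; the master stays locked away.
    cp "$master" "$work" && chmod 0644 "$work" || return 1
    [ "$(sha256_of "$work")" = "$img_hash" ] || return 1

    # One line per acquisition for the chain-of-custody record.
    printf '%s source=%s sha256=%s operator=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$src" "$img_hash" "${USER:-unknown}" >> "$log"
    echo "$img_hash"
}

# Usage: ./acquire.sh /dev/sdX /cases/case-001   (both names are placeholders)
if [ "$#" -eq 2 ]; then acquire_image "$1" "$2"; fi
```

Re-hashing the working copy against the logged value before each analysis session shows whether it has been altered since acquisition.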

HD duplication

by wilfred.baitx In reply to Working for a counter sur ...

I strongly suggest you consider virtual machines: create a farm, preferably an ESX farm, and virtualize the entire system. That will preserve all the system information as is, including the MAC address and keys if ever needed.

You will have a complete farm of clients you can review at will.

Dedicated HD duplicator, write blocker

by robo_dev In reply to Working for a counter sur ...

There are lots of good free LINUX forensics tools such as dig, autopsy, etc.

Using commercial tools such as EnCase looks a whole lot better in court, and EnCase does some pretty amazing stuff (you get what you pay for).

You cannot easily detect the really good keyloggers or spyware. What you really have to do is use a protocol analyzer and observe the data stream from the PC.

The best keyloggers are hardware-based, so that would be the first thing to look for.

thanks for the software suggestions

by DownRightTired In reply to Dedicated HD duplicator, ...

I'll look into them.
