
General Discussion: Remote Forensics

In the past, I've been interested in such a concept for remote data recovery and performed some tests locally. The idea was to use an SSH client like PuTTY on the computer that the investigator uses and have an SSH server on the remote machine. Ultimately, the concept was to remotely pass commands to a Linux Live-CD distribution. I hoped one could use a service like whatsmyip.org to find the IP of the remote computer. But I'm not IP skilled enough in public vs private IP addresses and I could not find the time to bring the proof of concept. I remember that one challenge was passing through the router firewall, which involved removing protection on port 22, a procedure that may vary from router to router. I believe the IT competency of the remote customer can be a bottleneck that is not to be neglected. For some people, following a procedure can be hugely complicated, even if it seems easy to you. That said, I'm still interested in the question. If the remote computer is running fine, and of course depending on what kind of investigation you want to do, you might consider using tools like TeamViewer(.com). Of course, it's not suitable for serious forensics.
