So if the FTP is remote, then your analysis will probably be limited to the computer that you access to (depends on the clearance/permission of your role). So like ultrain said, logs and other types of records (packet capture, timestamps,etc) that are on the computer you are examining are usually quite safe (as in okay for you to examine).
an example being:
http://www.forensickb.com/2008/09/parse-iis-ftp-logs.html
If the FTP is in house, you can try to request whoever has control over the FTP server for a copy of the files by the IPs/credentials of the logs you accessed from the computer (the ones we talked about on top), if you have such clearance as a forensics examiner.
If your job does require a bit more of the penetration testing mentality, I suggest you try to get permission for a higher up before social engineering or vulnerability scanning. However, this all really depends on your current set of permissions and situations; think of it more as last last resort.
Here is a sample of what can be done to penetrate a ftp (properly implemented security systems is not so simple), but here may be a good starting point if penetration testing is your only option and you are not sure how secure the FTP service you are penetration testing:
http://resources.infosecinstitute.com/penetration-testing-of-an-ftp-service/
↧