Just installed 0.2.10-1 on the server side (Ubuntu 14.04 LTS). Installation ran without any problem. Now I need to set up some test clients to play with, which needs some more time.
Autopsy/Sleuthkit is no problem/limitation on my side as I use it actually. It looks like Autopsy 3.1.x will show some big improvements.
For timelines I use plaso/4n6time, which is currently much better than the basic timeline function in Autopsy 3.0.10. But I'm looking forward to seeing the new Autopsy 3.1.x this year.
But what's your experience using it for reporting?
Have you established a 4-eye workflow/legal sign-off to access data on the client?
I had an anti-forensics case in-house right now which shows the need for some kind of remote agent usage to collect evidence which is not stored in logs/registry. RAM analysis is the goal to fight back.