Forensics best practices - data location and cryptcat.
Posted on 2007-10-11
I'm creating a forensics CD and I'm trying to decide on the best way to accomplish my goal as I am stuck between a rock and a hard place. The output from my forensics disk is more than the 1.44 mb that fits on a floppy. I cannout output the data there. I cannot use a USB stick in many cases as the USB is turned off. I need to store the data before I use Cryptcat to send the information to the forensics server. If I save the information to a local hard drive, I am altering the hard drive and I want to avoid that. Network drives do not work as I would have to alter the local image. I wanted to get someone's opinion on the best practices concerning forensics in these situation.
P.S. If you know a way for me to program the output to send to Cryptcat without creating a local file, it would be an acceptable option. I know I'll need to create a local hash on a floppy for output to hash the file as well and that is a consideration.