Announcement

Collapse
No announcement yet.

9.1 Alpha 3 - Remote forensics investigation

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • David (PassMark)
    replied
    Beta 4 is now available. If you turn on debug mode you should get a debug log
    https://www.osforensics.com/download...9_1_Beta_4.exe

    Leave a comment:


  • Tim (PassMark)
    replied
    There is a new beta build available now to try.

    We'll also add the ability to use the global "Debug mode" flag in the next release.

    Leave a comment:


  • lauzona
    replied
    Hi David,
    cool News I try that after you make a new Version downloadable

    best

    Andre

    Leave a comment:


  • lauzona
    replied
    Hi David
    I found a second Issue the Remote Process stop responding I try why and found that the User activity are here make such a Problem.
    If I try a remote acquire step by step all works but if I try user activity the osf64 process hang at target
    In OSF I get than a Message that remote process is not responding.

    Is there a way start remote acquire in debug mode ?


    best

    Andre

    Leave a comment:


  • David (PassMark)
    replied
    We have fixed a problem with the config file. We'll do a new release on Monday to try.

    Leave a comment:


  • lauzona
    replied
    Hi David
    the Logs are smaller I await I have send two Mails one with Logs and second wire some screenshots.
    hope the mails have arrived you
    best

    Andre

    Leave a comment:


  • David (PassMark)
    replied
    We'll have a look at the issues.
    But we don't seem to have received an Email with a Dropbox link.

    But I think it is fair to say, if you are doing remote data collection, you need a stable network link. But of course we need to make sure it fails gracefully if the network isn't available and that the operation can be re-tried once the network comes back.

    Leave a comment:


  • lauzona
    replied
    Hi David,

    I tryout something the process OSForensic.exe stay alive if a Remote session was broken
    that's why I can not run again a Computer where the remote acquire was broken.

    I make a Dump File (Debug Mode) where your team can see hole Problems


    They are
    1 save /load config
    2 Sessin Broken
    3 No Connect wrong password (but PW is 100% the real one)

    I put tha Files in my Dropbox and send your Support a Link for download.

    best

    Andre

    Leave a comment:


  • lauzona
    replied
    Hi David

    I try the Features but run into Problems the Main Problem ist that if I save the Config OSF ask
    for Password for decryption if I try reopen that saved config I get Click image for larger version

Name:	Screenshot 2021-11-04 Do. 11.17.22.png
Views:	143
Size:	65.4 KB
ID:	51662
    There are some other Problems like if Network is not online (Aquire with VPN) the hole process broke and after that
    OSF can't connect to same Host again told me Password wrong (same than load config)

    First of all cool Idea and nice feature I can not use it if I must run OSF hole Time but it will give me more Options
    But it looks there are some Problems first of all nobody can guarantee a stable running network connection if that
    is a must have I can also mount c$ in my OSF VM than I not need Remote Aquire

    I am very interested for that feature let me know if I can do some tests to solve the Problems ok

    best

    Andre

    Leave a comment:


  • David (PassMark)
    replied
    As of yesterday a V9.1 Beta release is available. This has some better documentation of the requirements & method for remote acquisition. If you encounter any problems, or if anything doesn't make sense, please let us know.

    Forensics remote acquisition

    Leave a comment:


  • lauzona
    started a topic 9.1 Alpha 3 - Remote forensics investigation

    9.1 Alpha 3 - Remote forensics investigation

    Hi
    I try 9.1 Alpha , so cool that I can now run Remote Investigation since I use OSF that was a Feature I miss .
    in next few days I use that to try my Malware Investigations with OSF remote, I isolate PC with Cortex from Network
    only OSF Share and Shell access from my Analyzer PC are allowed , than I can try use OSF in my Workflow others than
    capture hole Hard Disk.

    Very cool feature for me

    best

    Andre
Working...
X