mynick <anglomont@yahoo.com> writes:
> Would you recommend some software package that can image a complete
> (not only used clusters) online network disk(share)?
> tnx
I was perusing the 2nd edition of Harlan Carvey's Windows Forensic
Analysis book just last night, and recall a mention of something that
might fit the bill rather early - perhaps even in the Introduction. I
recall it being remote and read only imaging.
A little googling led to this possibly helpful article:
http://www.darkreading.com/security/management/showArticle.jhtml?articleID=211600781
ProDiscover out of those results looked familiar for some
reason--perhaps from Carvey's book. Their incident response product
appears to do what you want, but it leverages a remote agent and can't
work simply over the SMB share. I doubt you can get to the level you
seem to be looking for over a standard SMB share anyway, so that it
relies upon an agent shouldn't be seen as a detriment:
http://www.techpathways.com/DesktopDefault.aspx?tabindex=3&tabid=12