EH-Net
Topic: OpenSource tool to image a machine across the network?
dalepearson
« on: January 28, 2009, 07:16:39 AM »

Hiya Guys,

Is anyone aware of an open-source tool that can be used to take an image of a machine across the network?

I know EnCase has some tools, but obviously there are costs associated.

It doesn't specifically need to be forensically sound, but it would be ideal in case the investigation was to go further.

Thanks in advance.
Dale

nebu10uz
« Reply #1 on: January 28, 2009, 09:48:40 AM »


You can use dd and netcat, both of which are open-source tools, to image and send it to a remote host. Check out the following article for a complete example.

http://digiassn.blogspot.com/2006/01/dd-over-netcat-for-cheap-ghost.html

Security+, OSCP, CEH
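
The dd-over-netcat approach suggested in the reply above, as an added example that is not part of any post in this thread: the sender hashes the stream while dd reads the source once, the receiver hashes what arrives, and the two digests are compared, since plain netcat provides no integrity check of its own. It assumes GNU coreutils; the function names are hypothetical, and the device, port and collector address in the comments are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils (dd, tee, sha256sum).
# After sourcing this file (device, port and address are placeholders):
#   collector:  nc -l -p 9000 | receive evidence.dd recv.sha256
#   target:     acquire /dev/sda sent.sha256 | nc COLLECTOR_IP 9000
# That is traditional netcat syntax; OpenBSD netcat listens with `nc -l 9000`.

# acquire SRC HASHFILE: stream SRC to stdout, reading it once, and record the
# SHA-256 of the bytes actually sent.
acquire() {
    src=$1
    sent_hash=$2
    tmp=$(mktemp -d) || return 1
    mkfifo "$tmp/tap" || return 1
    # Hash a copy of the outgoing stream in the background.
    sha256sum < "$tmp/tap" | cut -d' ' -f1 > "$sent_hash" &
    hasher=$!
    # noerror: keep going past unreadable blocks; sync: zero-pad them (and a
    # short final block) so later offsets in the image still match the disk.
    dd if="$src" bs=4096 conv=noerror,sync 2>/dev/null | tee "$tmp/tap"
    wait "$hasher"
    rm -rf "$tmp"
}

# receive IMAGE HASHFILE: write stdin to IMAGE and record its SHA-256.
receive() {
    tee "$1" | sha256sum | cut -d' ' -f1 > "$2"
}

# verify SENT_HASH RECV_HASH: succeed only if both digests exist and match.
verify() {
    [ -s "$1" ] && [ -s "$2" ] && [ "$(cat "$1")" = "$(cat "$2")" ]
}
```

Copy the sender's digest file to the collector before running `verify`. On a live system the source keeps changing, so the digest describes the stream that was captured, not the state of the disk afterwards.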
jadyason
« Reply #2 on: February 15, 2009, 10:00:19 PM »

There are a few projects on SourceForge:
http://sourceforge.net/search/?type_of_search=soft&words=disk+imaging

I haven't used any of them, so can't vouch for how good they are. But this would be a good starting point.

dalepearson
« Reply #3 on: February 16, 2009, 04:38:46 AM »

Cheers guys, I will have a look.

r_mizell@hotmail.com
« Reply #4 on: May 05, 2009, 02:31:11 AM »

Look into Helix3 at efense.com
They are giving away the Helix2009R1 again.
dd and netcat are on the ISO. Capture live or dead.
« Last Edit: May 05, 2009, 02:38:01 AM by r_mizell@hotmail.com »

jimbob
« Reply #5 on: May 05, 2009, 08:21:25 AM »

It's not open source, but I believe LinEn can do imaging over a network. It's the Linux version of the EnCase DOS image acquisition tool. I'm not certain if you need to use EnCase on the remote end to grab the image over the network; I've only ever used it to create images to a local disk.

Jimbob

vijay2
« Reply #6 on: May 05, 2009, 08:50:15 AM »

The easiest way, as mentioned earlier, is Helix and netcat.exe. Netcat is included in the Helix distro. For exact commands, contact me; I would be glad to help you out.

VJ

GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
former33t
« Reply #7 on: May 05, 2009, 10:49:09 AM »

If this is Windows, I'll put my vote in for Helix. It's easy to use and gets the job done.

Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
timmedin
« Reply #8 on: May 05, 2009, 11:07:52 PM »

Do you have to do a live machine (not powered down)? If not, then dd and netcat.

twitter.com/timmedin | http://blog.securitywhole.com
Ketchup
« Reply #9 on: May 07, 2009, 07:12:40 PM »

Has anyone actually had much luck with imaging the HDD live from a Windows session? Whenever I have done this, it's bit-shifting galore.

~~~~~~~~~~~~~~
Ketchup