With our updated Incident Response Suite, we have two new tools that are definitely worth putting in your toolbox. The first program Clustout is simple enough, select a cluster or a set of clusters and you can extract them from either FAT or NTFS and write them to a file or a set of files. By judicious use in selecting clusters you have a forensics grade un-erase tool!
The other tool that we have added to our set is GetStream. Originally built to extract Alternate Data Streams, this tools is great as a simple way to extract a file or stream. It's log even provides the documentation of the MFT and runlist for non-resident files. Both of these tools use the results of FileList as an easy way to identify the data that interests you.
Have an older version of the Incident Response Suite? Our upgrades are worth the effort if your version is over a year old. Contact us for more information.
Stealth for Servers?
The Stealth tools were created to quickly identify misuse of workstations without changing any possible evidence. Grant Thornton LLP started using the Stealth Suite to quickly tell if more investigation is necessary, a very cost effective alternative for them and their clients. So imagine our surprise when they called and asked how to go against a SCSI drive. Want to know how they did it? Given some general guidelines they got it working, they're willing to share with you how to get NTA Stealth to work with SCSI.
Probation and Parole
We've mentioned before that NTA Stealth can be a breakthrough technology for anyone that has to monitor computer usage. Here's how we know that the Stealth Suite is starting to make an impact with Probation and Parole Departments. Check out this article by Corrections Connection on Sex Offender Supervision and Technology.
We finally did it, we updated our manual for the first three days of the Computer Forensics Course. If it's been awhile since you've had a refresher course call us for special pricing for a course that we always get rave reviews for from our students and now also add a valuable updated reference book to your collection.
Please direct E-Mail to: