OnLine Digital Forensic Suite™

The OnLine Digital Forensic Suite™ (OnLineDFS™) aids investigators and administrators with the forensic task of system assessment following a suspected intrusion and the potential compromise of a host. It can be quickly deployed on any network to perform

  • remote forensic investigation
  • of a running system
  • with very high assurance of security

No software need have been preloaded on the target machines. A web-based interface allows the investigator to connect to OnLineDFS and manage an investigation from anywhere using a wide variety of web browsers and OS platforms. The connection, which need not be high speed, is secured by HTTPS, and all data sent across it is encrypted.

Analysis with OnLineDFS is forensically sound—employing accepted best practices to document all actions, preserve the integrity of evidence, and maintain the chain of custody. Data is stored in non-proprietary formats, making OnLineDFS easily extensible with third-party tools.

OnLineDFS can perform live forensics—capturing volatile information from a running system that would be lost if the system were powered down to permit conventional forensic analyses. Important volatile information includes open ports, running processes, related applications and files, network connections, listening servers, and memory. Live forensics provides several important benefits:

  1. It is minimally disruptive, avoiding the often prohibitive expense of shutting down a vital server.
  2. It gathers information about the running state of the target computer that cannot be gained any other way.
  3. It saves time, enabling a very rapid response to an intrusion.

See article for a discussion of Live Forensics.

For more information, visit www.onlinedfs.com



© 2008 Architecture Technology Corporation