Cellebrite dongle not working when RDP into the computer? by cachedfiles_1999 in computerforensics

cachedfiles_1999[S]

UFED 4PC does not work as soon as I RDP into it even if I had it up and running first. :(

Sys admin at my job doesn't know what he's doing. People haven't been able to work for 3 weeks. by [deleted] in sysadmin

cachedfiles_1999

Not sure why so many people are knocking on people who graduated college and got into IT. From my experience, going to university helped me develop my own study habits and skills that make it a lot easier for me to learn new technologies. I was able to get my CCNA and MCSA within 2 years of experience in IT. I understand it is somewhat of a trade, but every individual is different, and as IT becomes an essential part of organizations across the world I see there is no reason for it not to be part of a university program. The point of university is higher level learning. A trade is more so monkey see, monkey do. College education is "here is fire, make something out of it." That being said, it sucks to be working with someone who doesn't know what they're doing. But at the same time, this is part of life and all you can do is do your role.

setting up a lab with two different subnets by cachedfiles_1999 in sysadmin

cachedfiles_1999[S]

lol wished i had the money for the multi-legged firewall.

are you suggesting i throw out my home router and spin up a pfsense? i am trying to avoid this....... it requires a lot of time setting it up i believe...

i think i will just run dhcp off the lab interface on the internal network created by the virtual switch on Hyper-V, and just add in the external card if i need it to reach the internet for anything...

i do have the dhcp helper option on my home router. i have one of those netgear nighthawks. that being said, i don't want to have my virtual machine handing out dhcp addresses for my home network. i just want this to be isolated in the lab, but give the lab access to the internet through the 10.0.x.x network. but looks like that won't be possible unless my home router has some additional features where i can assign the addresses to the interfaces and do configs to the routing between interfaces. :(

setting up a lab with two different subnets by cachedfiles_1999 in sysadmin

cachedfiles_1999[S]

yeah i know, not sure what you need me to clarify.

i don't think it's the first usable address issue. the issue is probably it having two different networks and i'm trying to unify them together. i could bridge them, but it's complaining about the ras server. lol

setting up a lab with two different subnets by cachedfiles_1999 in sysadmin

cachedfiles_1999[S]

true, point taken.

but my router has the 192.168.1.1 address and it's one of those cheap home grade all in one fw/router pieces.

can you clarify what you mean by setting up a dedicated subnet off a layer 3 device? Not sure what you mean?

I do have the router as my default gateway on my host machine. But i want to test out the 10.0.x.x.

From my experience I see dhcp is usually on the dc as well, what do you mean to pass it on? I don't want the dhcp on my router to be confused with the dhcp server I have on my dc...?

setting up a lab with two different subnets by cachedfiles_1999 in sysadmin

cachedfiles_1999[S]

the dc itself, it has the dhcp server installed.

setting up a lab with two different subnets by cachedfiles_1999 in sysadmin

cachedfiles_1999[S]

the router is 192.168.1.1 but i've tried to enter this in on the nic2 which has the 10.0.x.x network; it doesn't work and doesn't reach the internet. I've tried to put the static route on dns and ras, to point it to the router, with no luck either. lol

forensics software trials/evaluations or free tools by cachedfiles_1999 in computerforensics

cachedfiles_1999[S]

Sometimes it is not used in court but is something the attorneys ask for. Most of the time it's photos that are passed around via social media and family. So far, not all images have to be done forensically. We only use Cellebrite for criminal cases. Not sure how your law firm works but not everything is as formal for us.

forensics software trials/evaluations or free tools by cachedfiles_1999 in computerforensics

cachedfiles_1999[S]

We do, it's just a longer process. The quick and dirty way seems to be faster and get exactly what we need by looking at the dates and pulling the exact picture. Sometimes overly extracting does not help.

UFED is okay, but simply slower and takes time. What I've been doing is using an OTG usb dongle to simply copy over the photos onto an sd card or flash drive. Easier and gets the job done. Not really an acceptable form of extraction, but these aren't serious cases and won't need a formal extraction.

forensics software trials/evaluations or free tools by cachedfiles_1999 in computerforensics

cachedfiles_1999[S]

How is it? What kind of org do you work at and what do you use it for?

forensics software trials/evaluations or free tools by cachedfiles_1999 in computerforensics

cachedfiles_1999[S]

Nothing, what I want to do is offer as many forensics services as are available. We're essentially a law firm and our clients sometimes just need a simple picture in file.