|
1. Can you Image a Apple Mac with OnScene Invesitgator
Answer: OnScene Investigator (OSI) can be used to forensically view, image, and search Apple Macintosh (Mac) computers. Currently OSI supports Intel Apple Mac, such as the Macbook and Macbook Pro. We will be adding support for Power PC's early 2008.
2. We would like to buy a site license for your software
Answer: Please contact me via the site or your local reseller.
3. What software do you recomend for email investigation
Answer: Parabens email investigator. Or try Aduna.
4. Can I have a free copy of your software
Answer: Yes you can. Beta test the software, offer any useful feedback on bugs and/or functionality and I will give you a full license free of charge.
5. The LAN Card in the suspect- not detected
Answer: Two suggestions that have been successful for our users are:
1. The OSI Boot CD will boot and detect Usb-to-ethernet dongle. Most types are supported. We have used the one below.
Supported USB to LAN ETHERNET
2. Another susgestion is to carry a PCI or PCMCIA LAN card that is supported with you.
If you have any LAN or USB LAN card that are or are not supported we would love the feedback. Please use the contact page.
6. Faster than a Solo or Logicube
Answer: OSI is not faster that a hardware imager on one hard drive. However it is faster if you have 3 hard drives to be imaged. OSI can image an unlimited number of drive simultaneously. The only limitation is how many USB drive you have with you.
7. OSI can save companies time and money
Answer: OnScene Investigator can save corporations thousands of dollars in investigation fees by allowing IT administrators to create forensically sound images of any computer suspected of containing evidence of misconduct. Once the images have been created they can be supplied to an investigator for further analysis, reducing the fees an expert usually charges for imaging.
8. What systems have you used OSI
Answer: I have successfully booted, searched and imaged it on:
Mackbook / Macbook Pro
G5 Model A1207
IBM X60 / X61
Dell Vostro
Dell latitude
Dell Optiplex with Ali RAID card and SATA
XPC Shuttle SATA /IDE
Toshiba Tecra
HP Desktop
NVidia motherboards with SATA
Sony VAIO laptops
Compaq Presario V6000 (nvidia motherboard with SATA)
Dell PowerEdge 1600SC RAID /SCSI (inbuilt USB1.1)
Toshiba Satellite A70
9. Why is your spelling so bad
Answer: It takes a very unimaginative person to only spell things one way.
10. OnScene is not detecting the correct network card
Answer: Please contact me and i will attempt to add the drivers for the cards in question.
11. Who helped you with OnScene Investigator
Answer: Thanks to all the people who helped with OnScene Investigator as an idea and program.
Russell Jeffery - for all the graphics and icons. Russell is a brilliant graphic designer - check out his website.
www.emigraph.com
Nigel (The Gun) Carson - for advice, testing and paying half my mortgage.
Nigel.Carson@_fh.com.au
Nigel is the experts, expert.
12. Boot from USB device?
Answer: You can convert the OSI boot CD to a USB drive using the following tool.
Boot OSI from a USB drive
The Process is
1: Plug in your 256+ meg USB drive
2: Run Unetbootin.exe
3: Select the location of the OSI Boot CD
4: Select the location of the USB drive
5: Run
All up about 4 mins from start to finish
13. When I boot with the USB Ethernet dongle it fails
Answer: When using a USB Ethernet dongle you should use a hub. I have found that most USB Ethernet dongles do not recognize a crossover cable.
14. Office files fail to preview
Answer: The preview windows in OSI uses MS Office to view files. if you are experencing this issue please load this registry file here.
15. I am asked for a username and password
Answer: When trying to connect to the suspect you get a Windows login/password screen on the investigator PC.
Answer: The investigator computer you are using is part of a domain, it is windows that is asking for the password not the OSI connection process. The username and password can be left blank.
16. AVG - OSI will not connect.
Answer: AVG antivirus has been known to block the connection between the suspect and investigators computer.
Symptom -The boot disk on the suspect will show as ready, the IP address is correctly set on the investigator PC but OSI will show the suspect as un available.
Solution unblock OnScene Investigator.exe from the AVG block list, then go into the network device and allow
all. Turning off AVG will not unblock the connection.
17. Vista - Investigator PC will not connect
Answer: OSI client on Vista - If you have set the IP on the Investigator PC and you can not connect try turning off the Vista firewall.
Using the Run command
Windows Vista Firewall OFF:
netsh.exe firewall set opmode disable
Windows Vista Firewall ON:
netsh.exe firewall set opmode enable
A link to making a shortcut to do the above.
Create shortcut to turn off Vista firewall
|
Top
