Uh, question five here. Uh, okay. So, uh, what's your favorite Evimetry feature? Right.
Um, that's my favorite feature. Uh,
I think my favorite feature at the moment would have to be our collective support.
I'm not sure if you're using it yet, but, um... oh, my God. A feature of my using.
Um, well, let me know. Um, but I think it's really only this year that we've, uh, launched it. So,
um, you know, computer forensics dongles are everywhere. Evimetry's dongle-based, unfortunately, but, you know, that's the hard decision we had to make. The
collective feature has taken what used to involve a bunch of third-party tooling steps to make life a whole lot more streamlined. So,
um, with our collective feature, we can
plug a drive into a Windows computer running the Evimetry controller. We can,
within 30 seconds, depending on the hard drive, we can actually format that drive as an Evimetry dead boot, provision it with a profile of what particular artifacts you wanted to collect, and with what priority,
and we can burn a license that's paired with that particular hard drive
into the hard drive, and then you can walk away and plug it into a computer and do an acquisition without needing to connect it with the controller. Ah, without even needing to do much at all at the keyboard, because it's pre-configured,
and, importantly, without needing a dongle. So,
you know, if you're dealing with acquisitions of Surface Pros, et cetera, that have only got one USB,
um, and, uh, the keyboard is a little bit dodgy, just plugging in one drive and booting into it and then walking away, and five minutes later having a full image, is pretty convenient. All right. So, I tell you, I gotta test that when I get back to the office. I'm all about that.
No, I mean, because that's one of those topics that comes up all the time with, uh... I'm sure you take these phone calls, people like, "Well, can't you just do the forensic collection remotely for me?"
And it's like, if you had a stable platform... We've tried a lot of different solutions for doing that,
but you know,
if you have a working solution for that where you could just plug it in and let go, that's awesome.
Yeah, that's, ah, that's super convenient. Um, the other one, that sort of, talking about the remote,
is, uh, that we like using for kind of
pre-screening whether or not a case is worth taking on. Sometimes what we'll do
is to use our cloud-based agent and the live agents to do kind of a remote triage. So,
um, we'll quite regularly spin up a
server in AWS or whatever that's running the Evimetry cloud agent,
um, and then we'll get a remote session on a PC that's a few hours' drive away,
we'll install the Evimetry live agent there, and then we'll kick off a,
um, normally a partial acquisition of all the high-value stuff, and that'll get us
most of the artifacts that we would need for a,
I think, theft investigation, enough to really get an idea of whether or not that computer's one that we want to either have sent to us, or we want to go for a long drive and do a full acquisition of.
So that ability to do focused acquisitions using the normal, you know, stuff is incredibly powerful.
Yeah, absolutely. Um, actually, we're doing
cloud acquisition as part of course nine, the next one after this one, to get a lot of the other permutations in there. But, uh,
you know, this is gonna sound kind of stupid compared to what you just said, but, uh,
my favorite feature honestly, um, is... and I don't mind dongles at all because I've got, you know, dongles for days, right?
Um, but ah. Treated too.
Uh, we all do. Uh, do you live in constant fear of losing a dongle?
Uh, yes. Like, especially when we're on the road, we do daily dongle counts, like, OK, just to make sure we still got five. Right?
Uh, when I'm flying, I have a special pouch that mine always go in. Exactly, we do the same thing with this little bag. You know, all my dongles go in this bag, I can't lose this bag.
Oh, I have labels. Checklists. Yeah, big... We have big flaming lanyards on ours, like all multi bright-colored stuff, like this, so you don't accidentally set one down. It's, um, yeah, it's just everything you can do to keep... But anyway, to wrap around, what I truly love is being able to
pop on the network, two guys, you know, staging hard drives,
And one guy manages all the collections from the controller
and, you know, the other guy's just out there popping, you know, dead boot agents in across the network. And, you know, we've got
10 or 15 going at a time, and you're basically just on this constant rotation, just watching that data just stream through and
a nice set of finished drives stacking up over here.
That's kind of revolutionary,
and it allows us to finish, you know, those
on-site collections like that that used to be... let's face it, those were not a lot of fun.
Um, you know, days and days doing that. And, you know, sometimes, you know, we have finished 50, 60, 70 computers in a day. Easy.
That's great. Yeah, it's without killing yourself
or wanting to kill yourself. How... have you done the math on how much time slash cost that's saving
from a zit,
You know, as you know, no two jobs are exactly the same, even if it's two, say... But if you did have two, where each was 40 computers apiece or something like that, there would be something in there that would, you know, throw that off. But no, haven't really compared that. I think once we got started and we really incorporated Evimetry, you know,
this is our core tool for our collections.
Um, I don't think I ever looked back, and I just...
It's just better and easier. We just kept going forward with it.
Love to hear that.
I know, right? It's like trying to sell your tool or something crazy.
All right. Um