该 subreddit 专注于数字取证领域,涉及从各种数字设备中恢复和调查材料。用户询问如何高效处理大规模法律保留笔记本电脑的收集工作,并寻求自动化或简化流程的方法。 2025-9-5 02:18:42 Author: www.reddit.com(查看原文) 阅读量:7 收藏
Dedicated to the branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. This field involves the application of several information security principles and aims to provide for attribution and event reconstruction following forth from audit processes. This subreddit is not limited to just personal computers and encompasses all media that may also fall under digital forensics (e.g., cellphones, video, etc.).
Hi all,
I’m looking for some advice from others who have handled high-volume legal hold laptop collections.
We regularly receive a large number of custodian laptops (both Windows and macOS) that need to be collected. Our standard workflow is to only acquire the Users folder for each system — nothing full-disk. • For Windows, we’ve been using FTK. • For Mac, we’ve been using Recon ITR.
The process works, but when we’re dealing with dozens of machines it becomes pretty time-consuming. I’m curious if anyone has had success with automating or streamlining this kind of targeted collection at scale.
如有侵权请联系:admin#unsafe.sh