Before we can analyze data, we have to secure it. The goal of forensic data acquisition is to create a forensic copy of a piece of media that is suitable for use as evidence in a court of law. When possible and appropriate, the methodology includes write blocking of the source media to ensure that the acquisition process cannot change the evidence. While this is always the preferred methodology, the high uptime demands of corporate server farms and other mission-critical systems often preclude it. In these cases, Catzen can perform live acquisitions and ensure that system-protected files are gathered if necessary.
Catzen utilizes multiple tools and methodologies that permit all types of collections, including full physical, logical, onsite and remote.