ghacks Technology News

Evidence Collector

Have you ever asked yourself what law enforcement agencies would find when analysing your computer ? How their tools would look like and what they would be checking ? If you answered the questions with yes you might want to try out Evidence Collector (via Techtrends) which is a forensic computer program. Evidence Collectors main purpose is to help with IT incidents but it can give a solid impression on how such tools work generally.

It’s a standalone tool which means it can be run from external devices connected to the computer which is definitely a prerequisite for all forensic tools. It analyses the user level at startup and displays information like the local IP and hostname. A click on Start Collecting processes 14 sequences, some with subsequences, that collect data and write that data into logfiles in the Evidence Collector directory.

The software did write 25 different log files into the log directory including a list of opened files, installed applications and processes. Evidence Collector concentrates on hardware and software only while law enforcement agencies would definitely scan the computer for files as well, probably using a software like Locate to find information in filenames and contents.

evidence collector

A detailed list of what is analysed:

  • Shares and policies applied on shares
  • Started and stopped services
  • Installed software
  • Installed Hotfixes
  • Enumerated Processes
  • Events logs
  • TCP / UDP mapping endpoints
  • Process handles tracking
  • List start-up programs
  • Suspected modules
  • Users policies
  • USB history

Evidence Collector is a free software currently in beta. There is no information on the homepage about compatibility, it runs fine on my Windows XP Service Pack 3 system.

Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.

Related Articles:

Txt Collector
Computer Online Forensic Evidence Extractor
Massive Extender Adds Batch Installs To The Mozilla Add-On Collector
The Image Collector, Download Images From The Internet
PC Audit



About the Author:Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.

Author: , Thursday June 5, 2008 -
Tags:, , , ,

Previous Post: Youtube Annotations

Next Post: How does Plurk work?

Click on the following link(s) to read more about Security, Software, Windows

Responses so far:

  1. Thomas Murphy says:
    June 5, 2008 at 10:33 am

    The BIG BROTHER now on your PC.

    Reply
  2. darkkosmos says:
    June 5, 2008 at 10:59 am

    My school has this sort of thing but it isn’t much use l0l, I either usb boot XP or go in safe mode and terminate it’s service. Although I agree it’s big brother :<

    Reply
  3. linked says:
    June 6, 2008 at 12:37 am

    What you guys are sayin ??
    this aint big brother .. this could prevent from any attempt to inject rootkit or any trojan.
    This tool acts as master coordinator of many other utitlities.

    Reply
  4. Bruno says:
    June 6, 2008 at 12:46 am

    I’m suprise bye USB.AccessHistory.log, impresive ^^

    Reply

Leave a Reply   Follow Ghacks   Subscribe To Comment Rss

Subscribe without commenting

 Ghacks Technology Newsletter 
Ghacks Daily Newsletter

Recent Posts


Follow This Blog

Ghacks Newsletter
RSS Feeds
Google+ Page
Facebook Fan Page
Twitter



Popular Articles

Popular Searches

Popular Tags

Topics

Links

About Ghacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular latest tech news sites on the Internet with five authors and regular contributions from freelance writers.

Services

Authors

Martin Brinkmann
Melanie Gross
Mike Halsey
Ryan D. Lang
Jack Wallen

© 2005-2012 Ghacks.net. All Rights Reserved. Privacy Policy - About Us