-316x87.png "Rocket Remote Forensic Data Collections")
Every Rocket makes it simple for remote custodians by running a pre-configured collection on the endpoints, so the custodian never has to worry about setup or controls.
Custodians Features:
- Pause and resume the data collection for up to 8 hours without requiring a restart.
- If the internet connection breaks Rocket will retry automatically until it reconnects and will pick up the imaging where it left off
- Rocket runs in memory, so there's no disk writes or software installs required.
What does Rocket do on the computer endpoints?
AWS S3 Storage is Included With Every Data Collection
Preserving Data
- Sends a email request to the endpoint that contains the links for Rocket data collection and speed test.
- From AWS cloud, Rocket runs a pre-selected data collection task on the endpoint, in memory.
- Generates E01 files or 7zip files - both are forensically sound and maintain the folder, file structure and meta data.
Data Transfer
As the froensic images are being created in memory, Rocket is transferring them directly to the pre-selected storage destination
Profiling / Reporting
- Profiles the BIOS, OS, local time, time zone, network information and more.
- Inventories all connected hard drives including make, manufacturer, model, capacity and boot order number.
- Recovers the bit-locker key.
Verification / Reporting
- File and folder preservation confirmation with hash values
- Forensic image verification
- An audit log trail is created for all actions
Why the Drop & Send data preservations for computers are so popular with law firms and custodians
Rocket sends a forensic transport window to the remote endpoint. Loose files and folders can be dragged and dropped into the window, where the data is auto-preserved and transferred to the pre-selected S3 destination.
Custodian Participation:
- Clicks the Rocket link from the designated device.
- Agrees to the collection terms
- Drag and drop loose files and folders into the window (PST's, email, documents, archives and more)
- Rocket will generate a spreadsheet for the custodian that documents the files and folders that were submitted including path, hash value and more
- Clicking Send button will automatically start preserving the data and transfer to the pre-selected S3 destination.
- Receives an email confirmation once the data has preserved, transferred and verified
Our Targeted data preservation option for computers makes it simple to zero-in on the relevant data fast
Rocket has a variety of built in filtering that allows the investigator to get the relevant data from the endpoint without the junk data that would prompt post collection culling.
Custodian Participation:
- Clicks the Rocket link from the designated device.
- Agrees to the collection terms
- Clicks the Start button once the Rocket window appears
- Receives an email confirmation once the data has preserved, transferred and verified
The Full Disk option for computers create a bit-level data acquisition of the physical drive
Rocket will conduct a forensically sound bit level data acquisition of the custodian's hard drive. Choose from all connected drives, all USB drives, or a specific physical drive.
Custodian Participation:
- Clicks the Rocket link from the designated device.
- Agrees to the collection terms
- Clicks the Start button once the Rocket window appears
- Receives an email confirmation once the data has preserved, transferred and verified
The iPhone option can preserve both in logical and targeted mode
Rocket will conduct a forensically sound data acquisition of the custodian's iPhone. Choose from all available data (logical) or a targeted data collection.
Custodian Participation:
- Clicks the Rocket link from the designated device.
- Agrees to the collection terms
- Clicks the Start button once the Rocket window appears
- Receives an email confirmation once the data has preserved, transferred and verified
