Forensic Software Recommendations

New Contributor II

Just seeing if anyone might have some recommendations on forensic software?
We have Macs and iPads, but my main focus is for the Macs. I'm a K-12 and with the current climate of school shootings, want something in my toolbag for my devices should something arise.



Contributor III

In K-12 you need to be very careful about what you can and cannot do according to your policy. I'm going through something right now where a student was trying to break into our network. He had a Kali VM and a bunch of network monitoring tools. Because it isn't outlined very specifically in our policy, there isn't a lot we can do legally as far as investigating. I would talk to your administration first before using anything.

Valued Contributor III

Second @Asnyder

Make sure your administration is behind everything you are doing as you don't want to be in a courtroom. That being said, I don't use any forensic software per se, BUT, I have been instructed by my upper administration to provide access to the police immediately at their request in an investigation. Usually, the cops are the ones that handle the forensics on their end...I just get them past the passcode screen. It works well and I can thus claim simply that I was simply "following an order from a higher up to provide access to a district-owned device" if I am ever needing CYA material.

Practical advice is to keep your MDM functional on devices, updated, and tested from time to time. That way you can provide access to the police on demand if that is your district's policy.