I still do not have much information. The customer asks me to find who and when, in a group of 7 users allowed to log in, downloaded a db on his own laptop (not a business laptop, but his own).
So I suppose I have to do a live acquisition of the disk.
I don't know if I have to do it in full or only in the area in which the db is.
And what tools can I use? I used Kali long ago.
Please help… the customer told me that the server is 80 TB, so I will never acquire it.
The job consists of discovering when one of the 7/8 users of the server downloaded the db of the company, with sensitive information.
Can I take the forensic image of the log file only? Where should it be? I read on forensicfocus that I can use Paladin forensic, and I'm downloading it.