FAQ - LiveDiscover™ Forensic Edition
- What do I get with LiveDiscover FE?
- I just double-clicked on the LiveDiscover icon and it is prompting me for a file, what should I do?
- Once LiveDiscover FE loads, I don't know what script I need to scan with?
- How many computers can I scan with LiveDiscover?
- I was trying to do a full discovery against an IP range and nothing is happening. What do I need to do?
- Why don't all of the machines I found show an operating system?
- How can I quickly get a list of all the shares in my network after completing a scan with LiveDiscover FE?
- I was playing around in the tool and noticed there is a Script tab; however I don't know what it is for or how to use it?
- Is there any way this tool can provide a list of Trojans in my network?
- Does LiveDiscover FE find anything other than computers in a network?
- What is the difference between Quick Discovery and Full Discovery?
What do I get with LiveDiscover FE?
When you purchase LiveDiscover FE, you will receive an installation CD and an HPV, which is required for use. All user manuals and documentation are included on the installation CD.
I just double-clicked on the LiveDiscover icon and it is prompting me for a file, what should I do?
When you launch LiveDiscover FE, it looks for a scan database to work from. If you are starting a new scan, simply provide a name for the new database.
Once LiveDiscover loads, I don't know what script I need to scan with?
LiveDiscover FE can use different scripts to scan multiple environments. The most widely used script is 000Default.scp, which will scan a mixed environment.
How many computers can I scan with LiveDiscover?
LiveDiscover FE allows you to scan up to four subnets at one time, each of which could contain 254 IP addresses; however the likelihood of all those IP addresses being assigned is low.
I was trying to do a full discovery against an IP range and nothing is happening. What do I need to do?
The first thing you should do is to check that the range option (not the database option) is checked. The difference is that the range option allows for scanning using a defined range, and the database option will allow scanning against an already populated database. The current version of LiveDiscover FE has the range option selected by default.
Why don't all of the machines I found show the operating system?
If Auto OS Analysis is not checked in the Settings tab, machines will not be analyzed to determine an operating system. To do the analysis after the fact, go to the Utilities tab and click the "Analyze OS" button. Before you do your next scan, make sure Auto OS Analysis is checked on the Settings tab. The current version of LiveDiscover FE has this option selected by default.
How can I quickly get a list of all the shares in my network after completing a scan with LiveDiscover?
Go to the Reports tab and then click the Windows tab in the middle of the page. On this page you should see a button called Shares, where you can find a list of the shares in the Windows network.
I was playing around in the tool and noticed there is a Script tab; however I don't know what it is for or how to use it?
LiveDiscover FE allows investigators to generate their own scripts, and it is easy to add some capability. On the left side of the screen, right-click and select "New Port Discovery." Provide a name for the script and fill in the port number and a short description. Once complete, drag the new script into the logic tree on the right-hand side, placing it where you want the new check to run.
Is there any way this tool can provide a list of Trojans in my network?
LiveDiscover FE is a port scanning tool that can flag default Trojan horse ports. Because it only discovers ports, the investigator must still determine whether an actual Trojan is running on the target boxes. If you want to import the Trojan port capability into a regular scan, go to the Utilities tab, click the import script button and select 007wintrojan.scp.
Does LiveDiscover find anything other than computers in a network?
Computers, Network Printers, Routers and Hubs will all show up with LiveDiscover FE provided they have assigned IP addresses that fall within the scan range.
What is the difference between Quick Discovery and Full Discovery?
Quick Discovery will report if there was a response from a box and map out the network. The Full Discovery option will try to perform some of the advanced net use commands embedded in the scripts. To provide administration credentials, go to the Settings tab and fill in appropriate credentials in the USER and PWD boxes.