EvidenceMover – Tool to Copy Evidence Between Locations

Nuix EvidenceMover is a tool designed to copy evidence file images from one storage location to another. It creates a hash of the files before and after moving to ensure the data has been copied accurately, and to maintain the chain of custody.

Evidence Mover - Tool to Copy Evidence Between Locations
EvidenceMover – Tool to Copy Evidence Between Locations

The tool will be effective when you are looking to copy images, logs or network data such as PCAP files and you want to make sure that you automatically verify digital evidence integrity without missing or modifying information and data. This will copy any number of files in a directory to the selected destination.

Once the files copied EvidenceMover will generate 2 log files one is the Transfer log this is located in the destination folder where it include the date and timestamp for copying the file, hash of each file to confirm there was no missed or modified information in the evidence.

The second log file is error log file which will list error logs in case the operation was not successful from the first attempt. the current version for this tool is 6.2 and it will reduce time consumed for manual verification during the incident response process and confirm that the data collected according to security best practices.

All information in the transfer log file and investigation should be documented and verified. This may help to identify information sources and trace all changes made or modified during the analysis.

You can read more and download the tool over here: https://www.nuix.com/download-your-free-copy-nuix-evidence-mover

Notify of
Inline Feedbacks
View all comments