Digital Forensics and Cyber Crime. First International ICST Conference, ICDF2C 2009, Albany, NY, USA, September 30-October 2, 2009, Revised Selected Papers

Research Article

Online Acquisition of Digital Forensic Evidence

  • @INPROCEEDINGS{10.1007/978-3-642-11534-9_12,
        author={Mark Scanlon and Mohand-Tahar Kechadi},
        title={Online Acquisition of Digital Forensic Evidence},
        proceedings={Digital Forensics and Cyber Crime. First International ICST Conference, ICDF2C 2009, Albany, NY, USA, September 30-October 2, 2009, Revised Selected Papers},
        proceedings_a={ICDF2C},
        year={2012},
        month={5},
        keywords={Digital Forensics Evidence Remote Hard Drive Acquisition Imaging Internet Verification},
        doi={10.1007/978-3-642-11534-9_12}
    }
    
  • Mark Scanlon
    Mohand-Tahar Kechadi
    Year: 2012
    Online Acquisition of Digital Forensic Evidence
    ICDF2C
    Springer
    DOI: 10.1007/978-3-642-11534-9_12
Mark Scanlon¹*, Mohand-Tahar Kechadi¹*
  • 1: University College Dublin
*Contact email: mark.scanlon@ucd.ie, tahar.kechadi@ucd.ie

Abstract

Giving any law enforcement officer the ability to remotely transfer an image from any suspect computer directly to a forensic laboratory for analysis can only help to greatly reduce the time wasted by forensic investigators in conducting on-site collection of computer equipment. RAFT (Remote Acquisition Forensic Tool) is a system designed to assist forensic investigators by remotely gathering digital evidence. This is achieved through the implementation of a secure, verifiable client/server imaging architecture. The RAFT system is designed to be relatively easy to use, requiring minimal technical knowledge on the part of the user. One of the key focuses of RAFT is to ensure that the evidence it gathers remotely is court-admissible. This is achieved by ensuring that the image taken using RAFT is verified to be identical to the original evidence on a suspect computer.