Enabling the Remote Acquisition of Digital Forensic Evidence through Secure Data Transmission and Verification
This addresses the need for faster and more accessible digital forensic evidence collection for law enforcement, though it appears incremental as it builds on existing remote acquisition concepts with a focus on verification.
The paper tackles the problem of time-consuming on-site collection of digital forensic evidence by enabling law enforcement officers to remotely transfer suspect computer images to forensic labs, resulting in a system (RAFT) that ensures court-admissible evidence through secure and verifiable transmission.
Providing the ability to any law enforcement officer to remotely transfer an image from any suspect computer directly to a forensic laboratory for analysis, can only help to greatly reduce the time wasted by forensic investigators in conducting on-site collection of computer equipment. RAFT (Remote Acquisition Forensic Tool) is a system designed to facilitate forensic investigators by remotely gathering digital evidence. This is achieved through the implementation of a secure, verifiable client/server imaging architecture. The RAFT system is designed to be relatively easy to use, requiring minimal technical knowledge on behalf of the user. One of the key focuses of RAFT is to ensure that the evidence it gathers remotely is court admissible. This is achieved by ensuring that the image taken using RAFT is verified to be identical to the original evidence on a suspect computer.