Master's Thesis

Enabling the Remote Acquisition of Digital Forensic Evidence through Secure Data Transmission and Verification

Mark Scanlon

September 2009 MSc Thesis

Contribution Summary

This thesis proposes RAFT, a system designed to facilitate remote acquisition of digital forensic evidence. RAFT enables law enforcement officers to transfer images from suspect computers to forensic labs for analysis, reducing the time wasted by investigators in conducting on-site collection of computer equipment. The system implements a secure, verifiable client/server imaging architecture, ensuring that the evidence gathered is court-admissible. RAFT is designed to be user-friendly, requiring minimal technical knowledge. The system's primary focus is on ensuring the integrity and admissibility of the evidence, achieved through verification of the image taken using RAFT against the original evidence on the suspect computer. This thesis contributes to the field of digital forensics by providing a secure and efficient method for remote acquisition of digital evidence.

Keywords: Digital Forensics; Remote Acquisition; Secure Data Transmission; Verification; Court-Admissible Evidence; Law Enforcement; Computer Evidence; Forensic Analysis

Abstract

Giving any law enforcement officer the ability to remotely transfer an image from any suspect computer directly to a forensic laboratory for analysis can only help to greatly reduce the time wasted by forensic investigators in conducting on-site collection of computer equipment. RAFT (Remote Acquisition Forensic Tool) is a system designed to assist forensic investigators by remotely gathering digital evidence. This is achieved through the implementation of a secure, verifiable client/server imaging architecture. The RAFT system is designed to be relatively easy to use, requiring minimal technical knowledge on the part of the user. One of the key focuses of RAFT is to ensure that the evidence it gathers remotely is court admissible. This is achieved by ensuring that the image taken using RAFT is verified to be identical to the original evidence on a suspect computer.

BibTeX

@mastersthesis{scanlon2009RemoteAcquisition,
  author = {Mark Scanlon}, 
  title = "{Enabling the Remote Acquisition of Digital Forensic Evidence through Secure Data Transmission and Verification}",
  booktitle = "{MSc Thesis}",
  school = {School of Computer Science},
  year = 2009,
  address = {University College Dublin},
  url={https://www.markscanlon.co/papers/EnablingRemoteEvidenceAcquisition.php},
  month = 09,
  abstract="{Providing the ability to any law enforcement officer to remotely transfer an image from any suspect computer directly to a forensic laboratory for analysis, can only help to greatly reduce the time wasted by forensic investigators in conducting on-site collection of computer equipment. RAFT (Remote Acquisition Forensic Tool) is a system designed to facilitate forensic investigators by remotely gathering digital evidence. This is achieved through the implementation of a secure, verifiable client/server imaging architecture. The RAFT system is designed to be relatively easy to use, requiring minimal technical knowledge on behalf of the user. One of the key focuses of RAFT is to ensure that the evidence it gathers remotely is court admissible. This is achieved by ensuring that the image taken using RAFT is verified to be identical to the original evidence on a suspect computer.}"
}