Enabling the Remote Acquisition of Digital Forensic Evidence through Secure Data Transmission and Verification

Giving any law enforcement officer the ability to remotely transfer an image from any suspect computer directly to a forensic laboratory for analysis can only help to greatly reduce the time forensic investigators waste on on-site collection of computer equipment. RAFT (Remote Acquisition Forensic Tool) is a system designed to assist forensic investigators by remotely gathering digital evidence. This is achieved through the implementation of a secure, verifiable client/server imaging architecture. The RAFT system is designed to be relatively easy to use, requiring minimal technical knowledge on the part of the user. One of the key focuses of RAFT is to ensure that the evidence it gathers remotely is court admissible. This is achieved by verifying that the image taken using RAFT is identical to the original evidence on a suspect computer.
