“A Live-System Forensic Evidence Acquisition Tool”

Koen and Olivier


Evidence acquisition is concerned with the collection of evidence from digital devices for analysis at a later point in time. It is extremely important that digital evidence is collected in a forensically sound manner, using acquisition tools that do not endanger the integrity of the evidence in question. This paper discusses the development of a forensic acquisition system that may be used to access files on a live system without compromising the state of the files in question. This is done in the context of an open-source forensic framework called the Reco platform, the enabling technology that was used to develop the prototype with great efficiency in a relatively short amount of time. The implementation of the prototype and the results obtained are also discussed.

