A Live-System Forensic Evidence Acquisition Tool

Koen and Olivier


Citation information

R. Koen and M. S. Olivier. “A Live-System Forensic Evidence Acquisition Tool”. In: Advances in Digital Forensics IV. Ed. by I. Ray and S. Shenoi. Springer, 2008, pp. 325–334


Evidence acquisition is concerned with the collection of evidence from digital devices with the intent that it be analyzed at a later point in time. It is extremely important that the digital evidence is collected in a forensically sound manner using acquisition tools that do not endanger the integrity of the evidence in question. This paper discusses the development of a forensic acquisition system that may be used to access files on a live system without compromising the state of the files in question. This is done in the context of an open-source forensic framework called the Reco platform: the enabling technology that was used to develop the prototype with great efficiency in a relatively short amount of time. The implementation of the prototype as well as the results obtained are also discussed.

Full text

A pre- or postprint of the publication is available at https://mo.co.za/ask/liveacq.pdf.
Note that a username and password are required to download the full text. Please e-mail me and I will send you a username and password.

Definitive version

The definitive version of the paper is available from the publisher.
DOI: 10.1007/978-0-387-84927-0_25

BibTeX reference

author={Renico Koen and Martin S Olivier},
title={A Live-System Forensic Evidence Acquisition Tool},
booktitle={Advances in Digital Forensics IV},
editor={Indrajit Ray and Sujeet Shenoi},
pages={325-334} )
