A Live-System Forensic Evidence Acquisition Tool

Koen and Olivier


Citation information

R. Koen and M. S. Olivier. “A Live-System Forensic Evidence Acquisition Tool”. In: Advances in Digital Forensics IV. Ed. by I. Ray and S. Shenoi. Springer, 2008, pp. 325–334


Evidence acquisition is concerned with the collection of evidence from digital devices so that it can be analyzed at a later point in time. It is extremely important that the digital evidence is collected in a forensically sound manner using acquisition tools that do not endanger the integrity of the evidence in question. This paper discusses the development of a forensic acquisition system that may be used to access files on a live system without compromising the state of the files in question. This is done in the context of an open-source forensic framework called the Reco platform: the enabling technology that was used to develop the prototype with great efficiency in a relatively short amount of time. The implementation of the prototype as well as the results obtained are also discussed.

Full text

A pre- or postprint of the publication is available at
Note that a username and password are required to download the full text. (Why?) Please e-mail me and I will send you a username and password.

Definitive version

The definitive version of the paper is available from the publisher.
DOI: 10.1007/978-0-387-84927-0_25

BibTeX reference

author={Renico Koen and Martin S Olivier},
title={A Live-System Forensic Evidence Acquisition Tool},
booktitle={Advances in Digital Forensics IV},
editor={Indrajit Ray and Sujeet Shenoi},
pages={325-334} )