A Live-System Forensic Evidence Acquisition Tool

Renico Koen and Martin S Olivier

2008

Citation information

R Koen and MS Olivier, "A Live-System Forensic Evidence Acquisition Tool," in I Ray and S Shenoi (eds), Advances in Digital Forensics IV, 325-334, Springer, 2008

Abstract

Evidence acquisition is concerned with the collection of evidence from digital devices with the intent that it be analyzed at a later point in time. It is extremely important that the digital evidence is collected in a forensically sound manner using acquisition tools that do not endanger the integrity of the evidence in question. This paper discusses the development of a forensic acquisition system that may be used to access files on a live system without compromising the state of the files in question. This is done in the context of an open-source forensic framework called the Reco platform: the enabling technology that was used to develop the prototype with great efficiency in a relatively short amount of time. The implementation of the prototype as well as the results obtained are also discussed.

Keywords

Digital Forensics, Live Analysis, Reco Platform

BibTeX entry

@INPROCEEDINGS(liveacq,
  AUTHOR={Renico Koen and Martin S Olivier},
  TITLE={A Live-System Forensic Evidence Acquisition Tool},
  BOOKTITLE={Advances in Digital Forensics IV},
  EDITOR={Indrajit Ray and Sujeet Shenoi},
  YEAR={2008},
  PUBLISHER={Springer},
  PAGES={325-334}
  )

Full text

The full text may be downloaded from http://mo.co.za/ask/liveacq.pdf (PDF, 208K) (©IFIP).

Note that a username and password are required to download the full text. (Why?) Please e-mail me and I will send you a username and password.

The original paper is also available from the Springer Digital Library site.
DOI: 10.1007/978-0-387-84927-0_25


Page maintained by Martin Olivier
Last update: 22 October 2008