Enabling the Remote Acquisition of Digital Forensic Evidence through Secure Data Transmission and Verification

TL;DR

The paper introduces RAFT, a secure and verifiable remote forensic imaging system that enables law enforcement to efficiently acquire digital evidence from suspect computers while ensuring court admissibility.

Contribution

RAFT provides a user-friendly, secure client/server architecture for remote digital evidence collection with built-in verification to ensure evidence integrity and admissibility.

Findings

RAFT reduces on-site collection time for digital evidence.

The system ensures the integrity and verifiability of remotely acquired images.

RAFT is designed to be easy to use with minimal technical knowledge.

Abstract

Providing the ability to any law enforcement officer to remotely transfer an image from any suspect computer directly to a forensic laboratory for analysis, can only help to greatly reduce the time wasted by forensic investigators in conducting on-site collection of computer equipment. RAFT (Remote Acquisition Forensic Tool) is a system designed to facilitate forensic investigators by remotely gathering digital evidence. This is achieved through the implementation of a secure, verifiable client/server imaging architecture. The RAFT system is designed to be relatively easy to use, requiring minimal technical knowledge on behalf of the user. One of the key focuses of RAFT is to ensure that the evidence it gathers remotely is court admissible. This is achieved by ensuring that the image taken using RAFT is verified to be identical to the original evidence on a suspect computer.