Remote Evidence Acquisition
Authors: Mark Scanlon
Publication Date: August 2015
Publication Name: International Workshop on Digital Forensics (WSDF 2015)
In an increasing trend, more and more consumer and enterprise data is being accessed on-the-fly and synchronised from remote machines or cloud services. Providing the ability to transfer, store and analyse digital evidence from these remote sources could prove invaluable to a variety of investigations. In a typical investigation, a number of impeding factors might result in traditional local evidence acquisition becoming extremely time consuming, if not entirely impossible, for example device encryption, data corruption, device destruction, etc. This talk provides an overview of the techniques available for the acquisition and handling of digital forensic evidence from a variety of remote sources including physical media, peer-to-peer networks and file synchronisation services, and discusses the methods available for the verification of the evidence collected.