Online Acquisition of Digital Forensic Evidence

  • Mark Scanlon
  • Mohand-Tahar Kechadi
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 31)


Providing the ability to any law enforcement officer to remotely transfer an image from any suspect computer directly to a forensic laboratory for analysis, can only help to greatly reduce the time wasted by forensic investigators in conducting on-site collection of computer equipment. RAFT (Remote Acquisition Forensic Tool) is a system designed to facilitate forensic investigators by remotely gathering digital evidence. This is achieved through the implementation of a secure, verifiable client/server imaging architecture. The RAFT system is designed to be relatively easy to use, requiring minimal technical knowledge on behalf of the user. One of the key focuses of RAFT is to ensure that the evidence it gathers remotely is court admissible. This is achieved by ensuring that the image taken using RAFT is verified to be identical to the original evidence on a suspect computer.


Digital Forensics Evidence Remote Hard Drive Acquisition Imaging Internet Verification 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Dahlman, E., Ekström, H., Furuskär, A., Jading, Y., Karlsson, J., Lundevall, M., Parkvall, S.: The 3G Long-Term Evolution – Radio Interface Concepts and Performance Evaluation. In: 63rd IEEE Vehicular Technology Conference, Melbourne, Australia (May 2006)Google Scholar
  2. 2.
    dcfldd (Department of Defence Computer Lab Dataset Definition) (April 2009),
  3. 3.
    Gao, Y., Richard III, G.G., Roussev, V.: Bluepipe: A Scalable Architecture for On-the-Spot Digital Forensics. International Journal of Digital Evidence 3(1) (2004)Google Scholar
  4. 4.
    Govil, J., Govil, J.: An Empirical Feasibility Study of 4G’s Key Technologies. In: Proceedings IEEE International Conference on Electro/Information Technology (EIT), pp. 267–270 (2008)Google Scholar
  5. 5.
    Ray, I., Shenoi, S.: 26: Time Analysis of Hard Drive Imaging Tools. In: Advantages in Digital Forensics IV, pp. 340–343 (2008)Google Scholar
  6. 6.
    Richard III, G.G., Roussev, V.: Next-Generation Digital Forensics. Communications of the ACM 49(2), 76–80 (2006)CrossRefGoogle Scholar
  7. 7.
    Roussev, V., Richard III, G.G.: Breaking the performance wall: the case for distributed digital forensics. In: Proceedings of the 2004 Digital Forensics Research Workshop, Baltimore, Maryland, USA (DFRWS) (August 2004)Google Scholar
  8. 8.
    Sealey, P.: Remote Forensics. Digital Investigation 1(4), 261–265 (2004)CrossRefGoogle Scholar
  9. 9.
    Speedtest Mini, Downloaded (April 2009),
  10. 10.
    SSH Filesystem, Downloaded (April 2009),
  11. 11.
    Ubuntu Linux 8.04 (November 2008),
  12. 12.
    Wang, S.-J.: Measures of retaining digital evidence to prosecute computer-based cyber-crimes. Computer Standards & Interfaces 29(2), 216–223 (2007)CrossRefGoogle Scholar

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2010

Authors and Affiliations

  • Mark Scanlon
    • 1
  • Mohand-Tahar Kechadi
    • 1
  1. 1.UCD Centre for Cybercrime Investigation, School of Computer Science and InformaticsUniversity College DublinDublinIreland

Personalised recommendations