Focus Area: Digital and Multimedia Forensics
Description: Digital technology allows for large volumes of data to be stored in some type of cloud-based environment. Law enforcement and the intelligence community often need to collect data from this environment. The forensic acquisition tool for cloud-based data is a forensically validated software tool that can accomplish this task. The tool allows users to collect digital evidence from cloud-based storage sites and containers when the target’s username and password are known. The data is collected in a method similar to how digital evidence is acquired from physical storage media. The tool includes related procedures on the collection and storage of digital data, information, and evidence in cloud-based containers and services. The files collected as evidence can be either logical or physical acquisitions, depending on level of access to the cloud-based service. The collected information can be stored in a format compatible with existing digital forensics image formats (such as EWF, RAW/DD, and AFF standards) and includes the information collection meta-data consistent with digital forensics case documentation best practices. The tool will work on commonly used computer hardware.
Project Cost: $987,928
Project Duration: 21 months
Operational Impact: Extensive data collection from the cloud pertaining to a target can be accomplished when the username and password is known.
Deliverable: A software application/tool capable of collecting and saving data collected from the cloud sites and containers.
Performer: Applied Research Associates
End Users: National Media Exploitation Center
Transition: Disseminated to several federal agencies and also commercially available from Applied Research Associates.