Forensic Acquisition Tool for Cloud-Based Data

Focus Area: Advanced Log Collector Digital and Multimedia Forensics

Description: Digital technology allows large volumes of data to be stored in cloud-based environments. Law enforcement and the intelligence community often need to collect data from these environments. The forensic acquisition tool for cloud-based data is a forensically validated software tool that can accomplish this task. The tool allows users to collect digital evidence from cloud-based storage sites and containers when the target’s username and password are known. The data is collected in a manner similar to how digital evidence is acquired from physical storage media. The tool includes related procedures on the collection and storage of digital data, information, and evidence in cloud-based containers and services. The files collected as evidence can be either logical or physical acquisitions, depending on the level of access to the cloud-based service. The collected information can be stored in a format compatible with existing digital forensics image formats (such as EWF, RAW/DD, and AFF standards) and includes collection metadata consistent with digital forensics case documentation best practices. The tool will work on commonly used computer hardware.

Project Cost: $987,928

Project Duration: 21 months

Operational Impact: Extensive data collection from the cloud pertaining to a target can be accomplished when the username and password are known.

Deliverable: A software application/tool capable of collecting and saving data from cloud sites and containers.

Performer: Applied Research Associates

End Users: National Media Exploitation Center

Transition: Disseminated to several federal agencies and also commercially available from Applied Research Associates.