Digital and Multimedia Forensics
Applied Research Associates
A software application/tool capable of collecting and saving data collected from the cloud sites and containers.
National Media Exploitation Center
Digital technology allows for large volumes of data to be stored in some type of cloud-based environment. Law enforcement and the intelligence community often need to collect data from this environment. The forensic acquisition tool for cloud-based data is a forensically validated software tool that can accomplish this task. The tool allows users to collect digital evidence from cloud-based storage sites and containers when the target's username and password are known. The data is collected in a method similar to how digital evidence is acquired from physical storage media. The tool includes related procedures on the collection and storage of digital data, information, and evidence in cloud-based containers and services. The files collected as evidence can be either logical or physical acquisitions, depending on level of access to the cloud-based service. The collected information can be stored in a format compatible with existing digital forensics image formats (such as EWF, RAW/DD, and AFF standards) and includes the information collection meta-data consistent with digital forensics case documentation best practices. The tool will work on commonly used computer hardware.
Extensive data collection from the cloud pertaining to a target can be accomplished when the username and password is known.
Disseminated to several federal agencies and also commercially available from Applied Research Associates.