Collection of state information in live digital forensics

Abstract

In a digital forensic investigations, the investigator usually wants to get as much state information as possible. Examples of such scenarios are households with wireless networks connecting multiple devices where a security incident occurs. USB devices present themselves as interesting vehicles for the automated collection of state information, as it can store the applications that collect the information, can store the results and can also facilitate the information collection by enabling its automatic operation. This paper proposes a USB solution to facilitate the collection of state information with integrity guarantees and multi-platform operation. Moreover, the proposed solutions is the only one that performs an extensive and homogeneous artifact collection, independently of the underlying operating system. © Springer International Publishing AG 2017.