Best practice approach to live forensic acquisition

Abstract

The development of the Live Forensic discipline instigates the development of a method that allows forensically sound acquisition to stand fast in a court of law. The study presents the development of a comprehensive model for forensically sound Live Forensic Acquisition, the Liforac model. The Liforac model presents a number of concepts that are already available within the Cyber Forensics discipline, combined as a single document. It composes four distinct dimensions: laws and regulations, timeline, knowledge and scope. These dimensions combine to present a wide ranging model to guide first responders and forensic investigators in acquiring forensically sound digital evidence. The dimensions were identified as part of an intense research study on the current application of live forensics and the associated problems and suggested controls. The Liforac model is an inclusive model that presents all aspects related to live forensic acquisition, suggesting ways in which a live forensic acquisition should take place to ensure forensic soundness. At the time of writing, this Liforac model is the first document of this nature that could be found for analysis. It serves as a foundation for future models that can refine the current processes.