Forensic data acqusisition System
The invention refers to the first system dedicated to virtualization and remote forensic analysis of physically acquired data, allowing to see it without alteration in its original operating environment, through snapshots, virtual disks and virtual machines.
As part of a civil or criminal proceeding, a computer-based forensic analysis is aimed at preserving, identifying, acquiring, documenting and interpreting the data present on a computer. The forensic analysis with virtualization features enable “seeing and accessing” a working machine and therefore identifying relevant elements, even without specific IT skills.
The invention does not simply replicate an existing reality, bringing it into a digital environment, rather organizes and implements a method of analysis which was so far often incomplete and conducted in stand-alone mode only. The method applies different systems for interpreting the contents to be analyzed and allows protected access on any PC connected to the Internet, on any operating system or browser, including the simultaneous access from different locations.
In the context of a criminal or civil proceeding, by:
- Public prosecutors;
- Judicial police;
- Technical consultants, etc.
- User-friendliness and usability even without IT skills;
- Scalability of the system from a small server to Mainframe or Cloud;
- Contemporaneous access and use of the analyzed resources by the different stakeholders.