Remote Forensic Collection in a Time of Work-From-Home

Remote forensic collection solutions aren’t necessarily a new revelation, they have been around and enacted by digital forensics and litigation support providers for years. What’s changed however, is the role they are playing in collections. Where as before they were a tool in a forensic examiners toolkit that was used as a convenience, in recent years they have moved to the forefront and become an integral part of many collections.

In the last couple of years, remote employees and work-from-home culture has caused a shift in how many law firms and corporations look at remote forensic collections. Remote collections went from being a luxury to a necessity when pandemic lockdowns inhibited on-site collections.

Using this momentum, digital forensic experts have been able to take the historical uses and challenges documented from the earlier years of remote forensic collections and apply it at scale to push the growing use of remote collections as a defensible and cost effective forensic solution.

Through highlighting best practices of on-site forensic collections and carrying the nuances over to a remote landscape, legal teams can effectively conduct remote collections in a defensible and auditable manner.

Remote Forensic Collection Kit Workflow
*Detailed and clear documentation throughout collection and process.

  1. Remote Collection kit is sent to custodian
  2. Collection is scheduled between custodian and remote forensic examiner 
  3. Remote forensic examiner establishes secure remote connection 
  4. Custodian plugs device into collection kit 
    a. Example devices: laptop, mobile device, hard drive, etc. 
  5. Remote forensic examiner gains access to view and navigate device on their end 
  6. Forensic examiner takes full forensic image, and verifiable snapshot of device contents 
  7. Data is collected remotely and encrypted upon collectionCollects data remotely 
  8. Custodian removes device from collection kit 
  9. Custodian mails back device in original shipping box with pre-paid label 

As with any forensic collection, there are always factors or caveats that may cause roadblocks within the process. Therefore, it is best to take into consideration the different challenges that can arise during a remote collection. This will give you the time needed to create a response plan the scenario that the issue is present at the time of collection.

Common considerations for remote forensic collection kits can range from: 

  • Custodian Unwilling/Unable to Participate in Collection
  • Encryption & Passwords 
  • Two-Factor Authentication 
  • Disabled USB ports 
  • Secure Internet Connection 

These are just a couple scenarios, and when planned for can be acted upon accordingly to keep the collection running smoothly.

To learn more about TERIS’ forensic collection capabilities, both on-site and remote, reach out today!