Forensic Acquisition of Websites, Webpages and Online Services with Open Source Tools

Acquiring and preserving digital evidence from hard drives, smartphones or pendrives is pretty straightforward by now. The new challenge is getting to freeze online evidence: websites, webpages, cloud, tweets, social profiles or whatever is found on the Internet. There are few tools and services around, both commercial and free, some are good for webpages and other for websites, some can be adapted to different scenarios but there’s no standard or comprehensive solution.

During this talk we’ll try to build a custom solution to forensically acquire online evidence and metadata based on open source tools such as Firefox, wget, curl, ffmpeg, tcpdump, mitmproxy, opentimestamps and some other OSS tools which together can make web browsing and whole site downloading forensically sound by means of open and verifiable process, certification hash, digital signature and blockchain timestamp.

Furthermore, such environment can be expanded to perform forensic download and acquisition of network traffic, web apps, locally installed software, Android apps, Firewall logs, Google Earth or Maps, Web Archive, audio and video streaming, file transfer/upload , FTP and SFTP, P2P & Torrent, Email, Cloud, VPS and even Tor onion hidden services. With little to no effort, expert witnesses can also perform forensic acquisition of Whatsapp and Telegram chats, groups or channels: whatever can be displayed in browser or accessed via command line can be forensically acquired.

Paolo Dal Checco
Forenser Srl

Paolo Dal Checco received his PhD in Computer and Network Security from the University of Turin, doing research on Cryptography and Data Protection. After few years of research, he focused on Computer Forensics and Digital Investigations as an Expert Witness, spending more and more time in Courts and working on thousands of fascinating cases.

Skilled in computer, network and mobile forensics, Paolo is now exploring OSINT and cryptocurrency intelligence techniques to enforce forensic examinations and provide digital investigation services to lawyers, private sector, companies, Law Enforcement and Courts.

He's author of articles, papers, patents and a regular speaker on Computer Forensics and Digital Investigations in Italian and European courses, conferences and workshops. Recently, he's studying new email forensics and web forensics techniques to help analize and acquire evidence coming from mailboxes and internet resources, since forensic website acquisitions and online content preservation tools and methods are getting more and more relevant.