Hello,
I am interested in setting up a process that will allow me to perform forensic acquisitions of computers remotely. Currently, I am performing on-site acquisitions, but I am interested in building a platform that will allow me to perform the collections remotely if possible. My basic outline or idea for this is as follows:
1. Use a Microsoft Azure VM as my forensic machine.
2. Use the Microsoft Azure VM to remotely access a client computer.
3. Perform a forensic acquisition of that client computer.
4. Have the forensic image created and stored on the VM (not the client computer).
5. Make sure I am leaving a light footprint on the client computer during the whole process.
Note that these are external acquisitions, meaning that I am not remoting into computers that are part of the same organization or on the same network.
I am trying to build a forensically sound and secure approach to this and would like some opinions on approaches.
Thanks!