Web Forensics is a proprietary SaaS (Software as a Service) solution for acquiring web pages to be produced as evidence in court cases, complying with international best practices in computer forensics, namely the ISO/IEC 27037:2012 standard.
Web Forensics makes it possible to acquire with legal value the status of one or more web pages of interest so that the content of those web pages can be proven in court at a precise instant.
The solution provides a secure forensic environment consisting of a web browser, several log consoles, and an application that "packages" the digital evidence and stores it in the cloud. An identical browsing experience to that conducted normally will be carried out, with the difference that this browsing, along with the technical documentation produced, is to be considered compliant with the main international standards of computer forensics.
As a result it produces a self-consistent evidentiary package, called a forensic evidence package. A technical report containing timely information about the acquisition methodology and additional technical details to support the verifiability of the overall process must be attached to the digital evidence.
The forensic evidence package contains the audio/video recording of the entire browsing process, the screenshots and downloads made, the network traffic generated, the SSL/TLS (Secure Sockets Layer/Transport Layer Security) keys, the image of the virtual machine used, some log files to support the verifiability of the overall process, and a summary XML file containing the fingerprints of all the previous files.
The technical report is a document that contains all the information about the process put in place to acquire digital evidence. This document meets the process verifiability criteria required by the ISO/IEC 27037:2012 standard and is producible in court along with the forensic evidence package. The forensic evidence package and the technical report make up the digital evidence.
Starting from
+ VAT / forensic acquisition
Are you interested in performing a free, automated forensic acquisition of a web page? With Web Forensics Instant, you will receive digital evidence that complies with the ISO/IEC 27037:2012 standard via email and within minutes.
Discover web forensics instantPurchase the volume "La Prova Digitale (Digital Evidence)," published by Giuffrè Francis Lefebvre and edited by the founding partners of Kopjra. Among many topics, it also addresses the ISO/IEC 27037:2012 standard and the forensic acquisition of web pages.
Purchase the volumeThe main legislative reference is Law No. 48 of March 18, 2008, ratificating the Budapest Cybercrime Convention, by which it was stipulated that activities involving the acquisition of digital evidence must be arranged through suitable methodologies and techniques to ensure authenticity, integrity and non-repudiation, so as to guarantee the evidentiary value of the data and facts proved.
In addition to the above regulatory provision, as of Oct. 15, 2012, the International Organization for Standardization (ISO) launched the first edition of ISO/IEC 27037:2012 standard "Guidelines for identification, collection, acquisition and preservation of digital evidence," which defines guidelines for the identification, collection, acquisition and preservation of digital evidence. This international computer forensics standard is the first compendium of methodological and technical rules to be followed in forensic practice regardless of the legal context.
According to the ISO/IEC 27037:2012 standard, it is necessary to produce in court a forensic evidence package containing evidence that the content viewed while browsing was online at a certain date and time, guaranteeing the provenance of that content and its integrity. A qualified timestamp and an automatic digital signature are affixed to the summary XML file, which contains the fingerprints of all files included in the forensic evidence package, so as to ensure certain date and integrity of the digital evidence.