WEFT: a consistent and tamper-proof methodology for acquisition of automatically verifiable forensic web evidence

The pervasiveness of web-based services has further complicated forensic operations, as traditional acquisition techniques do not fit with the volatile nature of online evidence. The current best practice often suffer from procedural shortcomings and are prone to tampering, which can lead to the dismissal of evidence in legal contexts. This paper introduces an acquisition methodology aimed at improving the integrity and admissibility of digital evidence acquired from live web environments. Our proposed approach addresses these issues and adheres to the requirement of international standards by establishing a unified format as a single source of truth, secure timestamping, and enabling automatic verification of integrity and its content, thereby offering more transparency to the involved parties. An extensive evaluation with live acquisition of the top 100 most popular websites indicates that the methodology produces an artifact comparable to state-of-the-art tools with added benefits.