PART 1Computer Forensic; Remote monitoring Most of the forensic examiners’ tools are, from a legal perspective, unremarkable. There are a few, however, that can raise some concerns. Particularly in...

Tools for remotely monitoring a computer
Remote Forensics
Introduction
Digital Forensics has gradually evolved from simply extracting and preserving crucial information from the physical storage/devices to a new breed of Forensics known as Remote Forensics also known as Cloud Forensics, which has the ability to acquire live, volatile remote data from live systems which could be targeted by cyber-criminals or hackers (Vacca & Rudolph, 2010).
The forensics investigator searches these systems, collects files, scrolls through the running processes, mounts RAM, etc. or can perform a search or a preview on an acquired remote hard drive which has been already seized but the analyst is accessing it over the network through remote forensic software/tools as the analyst can not be present on the physical location due to reasons such as geographical separation etc. (Farina et. al., 2014). Moreover, Remote forensics provides a mechanism to overcome the complications of hard-drive encryption and the requirement of traveling to the physical location(s) that in turn results in reducing the response time (Heiser, 2009).
Remote Forensics are often confused with Network Forensics, Network forensic tools utilize privileged access technique to the network, in order to monitor any activities whatsoever at the packet level, whereas Remote forensic tools make use of privileged access to the host in order to preview, examine or search contents which are present in the persistent storage and volatile memory (Heiser, 2009).
Remote Forensic Tools
Remote Forensic Tools are emerging as saviors on the horizon of forensic tools, as these help the forensic experts by preserving the evidence on live, remote systems. Also, through these tools digital forensics is taking a big leap in the world of forensics by providing incident response, help in enforcing enterprise policy and electronic data discovery. Tools such as ProDiscover IR, EnCase Enterprise Edition are being used to process digital evidence on remote, live systems (Casey E. & Stanley A., 2004).
· ProDiscover IR can be used to view information regarding the file systems without altering file system metadata, identify malicious files on the remote file system, capturing forensic image, obtaining process details etc. It was the first one to offer remote forensics capability, but other suites provide much better capabilities.
· EnCase Enterprise Edition can perform all the processes mentioned above and also provide executable paths for processes on the remote systems, provide list of opened files on the remote system, view mounted RAM disks, combine and co-relate data from different remote systems etc. (Casey E. & Stanley A., 2004).
· AccessData Forensic Toolkit allows data acquisition, filtering of data, case management and reporting capabilities which are...