Hostile Forensics
Posted: August 09, 2011

Due to recent developments in counter-forensic technologies such as strong encryption, it may soon be necessary for forensic analysts to use system penetration or "hacking" techniques in order to obtain forensic evidence, a process here referred to as "Hostile Forensics". This issue has not been adequately discussed in the forensic community at large, and as a result there has been very little planning or public collaboration to discuss issues and define standards, tactics, strategies and best practices. It is a particular problem for U.S. law enforcement, which currently has few (if any) legal ways to proactively obtain permission to use penetrations in a law enforcement operation. This document presents the results of a thought experiment by the author about how one might structure a Hostile Forensics operation with the greatest degree of assurance possible, together with an investigation into the issues and approaches of penetration-based forensics.
By Mark Lachniet

