Rapid Evidence Acquisition Project for Event Reconstruction

Project: Rapid Evidence Acquisition Project for Event Reconstruction (REAPER)
Purpose: To fully automate the acquisition, processing and analysis phases of a digital investigation.
Status: Not active (superseded by the ATOM project)
License: GNU GPLv3
Developer(s): Joshua James

More information:
A proof of concept has been created, but has not been maintained. The source is available via the REAPER Forensics project at Sourceforge.

REAPERlive is a bootable USB/Firewire drive that acquires a suspect system (using the suspect's hardware) to the external USB/Firewire drive. The acquired image is then processed with the Open Computer Forensics Architecture.

REAPER Desktop is a bootable Debian Live CD that automatically creates the REAPERlive USB/Firewire drive.

The functionality of REAPERlive has been incorporated into the easily-configurable ATOM framework.


Links:

• Presentation in Sleuthkit and Open Source Digital Forensics Conference 2011
• http://www.basistech.com/about-us/events/open-source-forensics-conference/2011/presentations/
• UCD REAPER project page
• REAPER Forensics Sourceforge project page