
Security Considerations for Forensic Acquisition and Investigation Host

  • Static Analysis: Forensic Acquisition and Investigation Host releases go through the same static analysis in our release pipeline as the primary platform.
  • Code Signing: Forensic Acquisition and Investigation Host Windows binaries are signed with an Azure Trusted Signing code signing certificate, so their authenticity and integrity can be verified.
  • Custom Storage Options: Customers can configure their own storage bucket or web server to host the Forensic Acquisition and Investigation Host binary. This lets them scan the binary with their own security tools, though they are then responsible for keeping the hosted copy at the latest version.
  • Temporary Write-Only Credentials: Cado Host accesses cloud storage with limited-time, write-only credentials generated by the platform, minimizing security risks.
  • Encrypted Communication: All communication between Forensic Acquisition and Investigation Host and cloud storage is encrypted using TLS, protecting data during transfer.
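
The following PowerShell check is an added example, not vendor code: it shows one way to verify the Authenticode signature of the Windows binary before publishing it to a self-hosted bucket or web server, as described under Code Signing and Custom Storage Options. The function name, the file path and the expected signer name are assumptions; obtain the real signer name from the vendor.

```powershell
# Added example: gate a downloaded Windows binary before self-hosting it.
# Test-HostBinarySignature is a hypothetical helper name, not a vendor tool.
function Test-HostBinarySignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Placeholder: the signer common name the vendor tells you to expect.
        [Parameter(Mandatory)] [string] $ExpectedSigner
    )

    $sig      = Get-AuthenticodeSignature -LiteralPath $Path
    $problems = @()
    $signer   = $null

    # 'Valid' means the hash matches and the chain builds to a trusted root.
    if ($sig.Status -ne 'Valid') {
        $problems += "Signature status is $($sig.Status): $($sig.StatusMessage)"
    }

    if ($sig.SignerCertificate) {
        # Compare the certificate's simple name exactly, not as a substring.
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
        if ($signer -ne $ExpectedSigner) { $problems += "Unexpected signer: $signer" }
    } else {
        $problems += 'No signer certificate present'
    }

    # Trusted Signing certificates are short-lived, so the timestamp
    # countersignature is what keeps the signature verifiable later.
    if (-not $sig.TimeStamperCertificate) { $problems += 'No timestamp countersignature' }

    [pscustomobject]@{
        Path     = (Resolve-Path -LiteralPath $Path).Path
        Sha256   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signer   = $signer
        Trusted  = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Usage with placeholder values; publish the file only when Trusted is true.
$candidate = '.\host-binary.exe'   # placeholder path
if (Test-Path -LiteralPath $candidate) {
    $result = Test-HostBinarySignature -Path $candidate -ExpectedSigner '<vendor signer name>'
    if (-not $result.Trusted) { throw ($result.Problems -join '; ') }
    $result | Format-List
}
```

Recording the returned SHA-256 alongside the hosted copy gives a reference value for later checks that the self-hosted file has not changed.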

Privilege Requirements

Forensic Acquisition and Investigation Host requires elevated privileges to access raw disk and memory for full forensic collection. Without elevated privileges it cannot fully access these resources, which prevents a complete forensic investigation.