ANDES—Acquisition of Network Device Evidence System
ANDES is a set of tools for automatically acquiring and analyzing forensically-relevant data from network devices. ANDES will enable an investigator to quickly acquire data from network devices without device-specific knowledge. ANDES is being developed both as standalone software and as a tool for handheld mobile computers, enabling investigators to quickly and easily acquire forensic data from network devices in the field.
ANDES will reduce the device-specific forensic training required of investigators, help ensure the forensic integrity of acquired data, and speed the investigation process. It will also enable law enforcement investigators without specific training to acquire relevant, volatile forensic information from networking devices in the field.
The ANDES project is funded by the National Institute of Justice.
