The growing complexity of corporate, cloud, and industrial environments has increased the difficulty of acquiring digital evidence, particularly volatile data such as memory and transient network artifacts. Manual forensic procedures and agent-based solutions often introduce operational risks, scalability constraints, and legal challenges in critical infrastructures. This paper proposes an agentless and automated framework for the remote acquisition of digital evidence in heterogeneous networks. The solution is defined as code and orchestrated using Ansible, enabling reproducible, traceable, and minimally intrusive acquisition without requiring permanent software installation on target systems. It supports the collection of volatile memory, system artifacts, and network evidence across on-premise, cloud (AWS), and industrial control system (ICS) environments. The framework is validated through experimental evaluation and a comparative analysis with an agent-based forensic platform (Velociraptor), focusing on scalability, acquisition time, integrity, and operational impact. Compliance with international forensic standards and recent European regulations is also discussed. The results indicate that agentless automation is a viable and flexible approach for digital forensic acquisition in modern hybrid environments.
Fernández et al. (Tue,) studied this question.