The Acorn Digital Forensics Platform
Portable DFIR workflows for real-world investigations
Integrated forensic workflows, evidence protection, and investigator-focused reporting
within a portable secure Linux forensic environment
Evidence Protection Controls
Portable Investigation Platform
Integrated Forensic Toolset
Built Around Investigative Workflows
The Acorn is a portable digital forensics and incident response platform developed by Squirrel Forensics Ltd. It combines evidence acquisition, forensic analysis, evidence protection and investigator-focused reporting within a Linux-based investigation environment.
Built around real-world investigative workflows, it integrates more than 30 forensic and incident response technologies into a structured environment that guides investigators through the key stages of digital evidence acquisition, analysis, validation, review and reporting.
Evidence Protection
Integrated write-blocking, forensic imaging, and controlled evidence handling workflows designed to support investigator-led acquisition and preservation..
Forensic Analysis
Disk, memory, timeline, registry, and network investigations organised into guided forensic workflows and investigator review processes.
Investigator Outputs
Generate structured reports, timelines, logs, CSV exports, and investigator-focused forensic outputs within analyst-controlled locations.
Portable Operations
Portable forensic workflows designed for field investigations, remote analysis, offline operation, and investigator-led evidence review.
The Acorn Workflow Ecosystem
The table below provides an overview of the investigative workflows available within The Acorn, showing how technologies and outputs are aligned to different stages of the digital forensic and incident response process.
WORKFLOW
INVESTIGATIVE FUNCTION
INTEGRATED TECHNOLOGIES
TYPICAL OUTPUTS
Acquisition & Protection
Capture forensic images using write-protected acquisition workflows and integrated evidence protection controls.
Guymager • dc3dd • dcfldd • Integrated Write-Blocker
E01 / DD forensic images • hash verification
Mount & Explore
Safely mount forensic images and encrypted evidence volumes in read-only mode for investigator review and analysis.
EWF Mount • Dislocker/BitLocker Workflows
Mounted evidence sessions • forensic filesystem access • decrypted evidence containers
Verify Integrity
Validate forensic evidence using integrated hashing, verification, and integrity checking workflows.
EWF Mount • Dislocker/BitLocker
MD5 / SHA verification logs • evidence integrity reports • hash verification records
Analyse Artefacts
Investigate registry artefacts, browser data, memory captures, endpoint activity, and forensic evidence across integrated analysis workflows.
Autopsy • Volatility • Velociraptor • RegRipper
Extracted artefacts • memory analysis findings • parsed registry outputs • investigator review data
Timelines & Events
Build investigative timelines from forensic artefacts, Windows events, logs, and incident activity across multiple evidence sources.
Log2Timeline (Plaso) • Hayabusa • Chainsaw
export.csv • review.tln • command-log.txt • timeline.plaso • summary.txt
Persistence & Malware Analysis
Investigate persistence mechanisms, suspicious processes, malware artefacts, and attacker activity across forensic and incident response workflows.
Volatility • YARA • Chainsaw • Hayabusa
Suspicious process findings • persistence artefacts • malware detection outputs • IOC correlations
Live Response & Endpoint Collection
Perform live endpoint triage, rapid evidence collection, and incident response acquisition workflows during active investigations.
Velociraptor • NetworkMiner
Velociraptor Collections • NetworkMiner Sessions • Endpoint Triage Workflows • Live Response Collection Workflows
Explore The Acorn Platform
Explore the evidence protection architecture, integrated technologies, and investigative outputs that support digital forensics and incident response workflows within The Acorn platform.
Questions About The Acorn?
Request a demo • Partnership enquiries • Academic collaboration
info@sqfr.uk