Meyer, MauriceAuth, GunnarSchinner, Alexander2021-12-142021-12-142021978-3-88579-708-1https://dl.gi.de/handle/20.500.12116/37742In today’s networked system environments, remote access to possibly involved IT system components is a fundamental requirement for digital forensics. For con-ducting professional remote forensics investigations in large system landscapes a growing number of software tools, both commercial and open source, is available today. On the other hand, reviews and comparisons of this special type of soft-ware tools are scarce. In support of finding the best-fitting remote forensics tool among the available solutions based on individual requirements and preconditions, this article presents a method for a criteria-based evaluation and selection process. While the method construction generally builds on established procedures for software evaluation and selection, the according criteria catalog including measurement procedures and weightings was derived from literature as well as considerations with experts from the IT security subsidiary of a large German telecom group. Furthermore, the method is demonstrated and validated by applying it to three selected software tools: Cynet, GRR Rapid Response and Velociraptor.enDigital ForensicsRemote ForensicsIndicator of CompromiseSoftware EvaluationSoftware Selection10.18420/informatik2021-0741617-5468