Abstract
RFC 3227 provides general guidelines for digital evidence collection and archiving, while the International Organization on Computer Evidence offers guidelines for best practice in the digital forensic examination. In the light of these guidelines we will analyze integrity protection mechanism provided by EnCase and FTK which is mainly based on Message Digest Codes (MDCs). MDCs for integrity protection are not tamper proof, hence they can be forged. With the proposed model for protecting digital evidence integrity by using smart cards (PIDESC) that establishes a secure platform for digitally signing the MDC (in general for a whole range of cryptographic services) in combination with Public Key Cryptography (PKC), one can show that this weakness might be overcome.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Brezinski, D., Killalea, T.: RFC3227: Guidelines for Evidence Collection and Archiving. RFC Editor United States (2002)
International Organization on Computer Evidence (IOCE), Guidelines for best practice in the forensic examination of digital technology, Orlando (2002)
Aoki, K., Guo, J., Matusiewicz, K., Sasaki, Y., Wang, L.: Preimages for Step-Reduced SHA-2. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 578–597. Springer, Heidelberg (2009)
Robshaw, M.: On recent results for MD2, MD4 and MD5. RSA Laboratories Bulletin 4 (1996)
Stevens, M.: Fast collision attack on MD5. IACR ePrint archive Report 104, 17 (2006)
Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)
Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
Lee, S., Kim, H., Lee, S., Lim, J.: Digital evidence collection process in integrity and memory information gathering. In: First International Workshop on Systematic Approaches to Digital Forensic Engineering, Systematic Approaches to Digital Forensic Engineering, Taipei, Taiwan, pp. 236–247. IEEE, Los Alamitos (2005)
Smart card: Introduction: Primer (March 2010), http://www.smartcardalliance.org/pages/smart-cards-intro-primer
Product downloads (April 2010), http://www.accessdata.com/downloads.html
Encase forensic (March 2010), http://www.guidancesoftware.com/default.aspx
Nexus personal security client (April 2010), http://www.nexussafe.com/en/Products/Nexus-Personal/
Handelsbanken (April 2010), http://www.handelsbanken.se
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Saleem, S., Popov, O. (2011). Protecting Digital Evidence Integrity by Using Smart Cards. In: Baggili, I. (eds) Digital Forensics and Cyber Crime. ICDF2C 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 53. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19513-6_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-19513-6_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19512-9
Online ISBN: 978-3-642-19513-6
eBook Packages: Computer ScienceComputer Science (R0)