Abstract
The release of trusted computing (TC) technology and its features, such as full disk encryption, has had several implications for the digital forensic investigation process. Today, it is clear from the number of proposed works that trusted computing forensics is a non-trivial topic. This paper presents the state of the art in trusted computing forensics. It starts by establishing the context of the research area by introducing the concept of trusted computing. Then, it reviews the existing trusted computing forensics research related to all of the branches of digital forensics and all of the investigation steps. Finally, this paper discusses the current open issues and future research directions in the field of trusted computing forensics. To the best of our knowledge, this paper is the first to investigate the state of trusted computing forensics using a classification based on the digital forensic types and investigation steps.
Copyright information
© 2012 Springer Science+Business Media Dordrecht
About this paper
Cite this paper
Halboob, W., Mahmod, R. (2012). State of the Art in Trusted Computing Forensics. In: Park, J., Leung, V., Wang, CL., Shon, T. (eds) Future Information Technology, Application, and Service. Lecture Notes in Electrical Engineering, vol 179. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-5064-7_35
DOI: https://doi.org/10.1007/978-94-007-5064-7_35
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-5063-0
Online ISBN: 978-94-007-5064-7
eBook Packages: Engineering, Engineering (R0)