
State of the Art in Trusted Computing Forensics

  • Conference paper
Future Information Technology, Application, and Service

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 179)

Abstract

The release of trusted computing (TC) technology and its features, such as full disk encryption, has had several implications for the digital forensic investigation process. Today, it is clear from the number of proposed works that trusted computing forensics is a non-trivial topic. This paper presents the state of the art in trusted computing forensics. It starts by establishing the context of the research area by introducing the concept of trusted computing. Then, it reviews the existing trusted computing forensic research related to all of the branches of digital forensics and investigation steps. Finally, this paper discusses the current open issues and future research directions in the field of trusted computing forensics. To the best of our knowledge, this paper is the first to investigate the state of trusted computing forensics using a classification based on digital forensic types and investigation steps.




Correspondence to Waleed Halboob.


Copyright information

© 2012 Springer Science+Business Media Dordrecht

About this paper

Cite this paper

Halboob, W., Mahmod, R. (2012). State of the Art in Trusted Computing Forensics. In: Park, J., Leung, V., Wang, CL., Shon, T. (eds) Future Information Technology, Application, and Service. Lecture Notes in Electrical Engineering, vol 179. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-5064-7_35


  • DOI: https://doi.org/10.1007/978-94-007-5064-7_35

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-94-007-5063-0

  • Online ISBN: 978-94-007-5064-7

  • eBook Packages: Engineering, Engineering (R0)
