Abstract
The main challenge in network forensics, especially during the trial session, is to protect the evidence and preserve its contents against malicious attempts to modify or tamper with it. Any potential evidence that is not accurate, complete, reliable and verifiable will certainly affect the decision of the jury and judges. In this paper, we classify the potential evidence that will be stored in network storage based on its contents, characteristics and functions. We also propose a Secure Storage Model, which implements components that preserve evidence using Cryptographic Hashing and a Logging Report. As a result, we present the flow of our storage mechanisms and show the importance of hashing in forensic work for securing collected network evidence.
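As an added illustration of the idea in the abstract (hashing each stored evidence item and recording it in a tamper-evident logging report), here is example code that is not the paper's model; the evidence categories, identifiers and sample contents are constructed for the demonstration, and the chain design (each log entry committing to the previous one) is an assumption about how such a report could be built.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first log entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_digest(entry: dict) -> str:
    # Hash every field except the entry's own hash, using a canonical encoding
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

class EvidenceStore:
    """Evidence items plus a hash-chained logging report (illustrative, not the paper's model)."""
    def __init__(self):
        self.items = {}    # evidence_id -> raw bytes exactly as collected
        self.report = []   # ordered log entries; each links to the previous one

    def store(self, evidence_id: str, category: str, content: bytes, collector: str) -> str:
        prev = self.report[-1]["entry_hash"] if self.report else GENESIS
        entry = {"seq": len(self.report), "evidence_id": evidence_id, "category": category,
                 "collector": collector, "content_hash": sha256_hex(content), "prev_hash": prev}
        entry["entry_hash"] = entry_digest(entry)
        self.items[evidence_id] = content
        self.report.append(entry)
        return entry["entry_hash"]

    def verify(self) -> list:
        """Recompute every hash and chain link; returns a list of findings (empty means intact)."""
        findings, prev = [], GENESIS
        for e in self.report:
            if e["prev_hash"] != prev or entry_digest(e) != e["entry_hash"]:
                findings.append(f"log entry {e['seq']} altered or chain broken")
            content = self.items.get(e["evidence_id"])
            if content is None or sha256_hex(content) != e["content_hash"]:
                findings.append(f"evidence {e['evidence_id']} modified or missing")
            prev = e["entry_hash"]
        return findings

def demo() -> tuple:
    """Constructed sample evidence; returns (findings before tampering, findings after)."""
    store = EvidenceStore()
    store.store("ev-001", "packet capture", b"\xd4\xc3\xb2\xa1" + b"\x00" * 20, "analyst-a")
    store.store("ev-002", "ids alert", b"2011-03-01T10:02:11 ALERT port scan from 10.0.0.5\n", "sensor-1")
    before = store.verify()
    store.items["ev-002"] = b"2011-03-01T10:02:11 ALERT port scan from 10.0.0.9\n"  # simulated tampering
    return before, store.verify()
```

The latest `entry_hash` should be anchored outside the store (signed or written to write-once media), since a party with write access to both the items and the report could otherwise rebuild the chain consistently.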
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Ibrahim, M.I., Jantan, A. (2011). A Secure Storage Model to Preserve Evidence in Network Forensics. In: Zain, J.M., Wan Mohd, W.M.b., El-Qawasmeh, E. (eds) Software Engineering and Computer Systems. ICSECS 2011. Communications in Computer and Information Science, vol 180. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22191-0_34
DOI: https://doi.org/10.1007/978-3-642-22191-0_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22190-3
Online ISBN: 978-3-642-22191-0