
A Secure Storage Model to Preserve Evidence in Network Forensics

  • Conference paper
  • Software Engineering and Computer Systems (ICSECS 2011)
  • Part of the book series: Communications in Computer and Information Science (CCIS, volume 180)

Abstract

The main challenge in Network Forensics, especially during the trial session, is to protect the evidence and preserve its contents from malicious attempts to modify or tamper with it. Any potential evidence that is not accurate, complete, reliable and verifiable will certainly affect the decision of the jury and judges. In this paper, we classify the potential evidence that will be stored in the network storage based on its contents, characteristics and functions. We also propose a Secure Storage Model, which implements components that preserve evidence using cryptographic hashing and a logging report. As a result, we present the flow of our storage mechanisms and show the importance of hashing in forensic work to secure collected network evidence.
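The abstract names two preservation components, cryptographic hashing of stored evidence and a logging report of actions taken on it. The following is an added illustration written for this page, not the authors' model or code: an in-memory evidence store that records a SHA-256 digest of each object at storage time, keeps a hash-chained log of every store action, and can later detect both a modified evidence object and an edited log record. The evidence categories, record layout, identifiers and the sample packet-capture and firewall-log bytes are all constructed assumptions.

```python
import hashlib
import json
from datetime import datetime, timezone

# Anchor for the first log record; every later record links to its predecessor.
GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    """Cryptographic hash of an evidence object; any one-bit change alters it."""
    return hashlib.sha256(data).hexdigest()


class EvidenceStore:
    """Holds evidence objects plus a hash-chained log report of store actions.

    Constructed for illustration: real deployments would persist objects
    and log to write-once media and anchor the chain head externally.
    """

    def __init__(self):
        self.objects = {}   # evidence_id -> (category, bytes)
        self.log = []       # ordered log records, each chained to the previous one

    def _append_log(self, action, evidence_id, category, digest, actor):
        prev_hash = self.log[-1]["entry_hash"] if self.log else GENESIS
        record = {
            "seq": len(self.log),
            "time": datetime.now(timezone.utc).isoformat(),
            "action": action,
            "evidence_id": evidence_id,
            "category": category,      # assumed classification label
            "sha256": digest,          # hash of the evidence object itself
            "actor": actor,
            "prev_hash": prev_hash,
        }
        # The entry hash covers the record and the previous entry's hash, so
        # editing or deleting an earlier record breaks every later link.
        record["entry_hash"] = sha256_hex(json.dumps(record, sort_keys=True).encode())
        self.log.append(record)
        return record

    def store(self, evidence_id, category, data, actor):
        """Store an evidence object and log its digest; returns the digest."""
        digest = sha256_hex(data)
        self.objects[evidence_id] = (category, data)
        self._append_log("store", evidence_id, category, digest, actor)
        return digest

    def verify_object(self, evidence_id):
        """Recompute the object's hash and compare with the hash logged at storage."""
        entry = self.objects.get(evidence_id)
        logged = [r for r in self.log
                  if r["evidence_id"] == evidence_id and r["action"] == "store"]
        if entry is None or not logged:
            return False
        _category, data = entry
        return sha256_hex(data) == logged[-1]["sha256"]

    def verify_log(self):
        """Walk the chain from GENESIS and recompute every record's link."""
        prev_hash = GENESIS
        for rec in self.log:
            if rec["prev_hash"] != prev_hash:
                return False
            body = {k: v for k, v in rec.items() if k != "entry_hash"}
            if sha256_hex(json.dumps(body, sort_keys=True).encode()) != rec["entry_hash"]:
                return False
            prev_hash = rec["entry_hash"]
        return True


def demo():
    """Store two constructed evidence items, then simulate tampering."""
    store = EvidenceStore()
    # Constructed sample evidence (not real captures or logs).
    pcap = b"\xd4\xc3\xb2\xa1" + b"constructed packet capture bytes"
    fwlog = b"2011-03-01T10:00:00Z DENY TCP 10.0.0.5:4444 -> 10.0.0.9:22\n"
    store.store("ev-001", "packet-capture", pcap, "analyst-a")
    store.store("ev-002", "device-log", fwlog, "analyst-a")
    results = {
        "object_ok_before": store.verify_object("ev-001") and store.verify_object("ev-002"),
        "log_ok_before": store.verify_log(),
    }
    # Simulated tampering with a stored object behind the store's back.
    category, data = store.objects["ev-002"]
    store.objects["ev-002"] = (category, data.replace(b"DENY", b"ALLOW"))
    results["object_ok_after_tamper"] = store.verify_object("ev-002")
    # Simulated edit of an earlier log record (the chain should now fail).
    store.log[0]["actor"] = "someone-else"
    results["log_ok_after_tamper"] = store.verify_log()
    return results


if __name__ == "__main__":
    print(demo())
```

The digest alone proves only that an object equals what was hashed; the chained log is what ties that digest to a time, an actor and a sequence of actions. Both checks are only as strong as the protection of the chain head: an attacker who can rewrite the whole log can recompute every link, so the latest `entry_hash` should be signed, time-stamped or stored somewhere the storage operator cannot alter.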




© 2011 Springer-Verlag Berlin Heidelberg

Cite this paper

Ibrahim, M.I., Jantan, A. (2011). A Secure Storage Model to Preserve Evidence in Network Forensics. In: Zain, J.M., Wan Mohd, W.M.b., El-Qawasmeh, E. (eds) Software Engineering and Computer Systems. ICSECS 2011. Communications in Computer and Information Science, vol 180. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22191-0_34

  • DOI: https://doi.org/10.1007/978-3-642-22191-0_34

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22190-3

  • Online ISBN: 978-3-642-22191-0

  • eBook Packages: Computer Science (R0)
