The Association of Digital Forensics, Security and Law (ADFSL)
Evidence is the key to solving any crime. Its integrity must be protected for it to be admissible in a court of law. Digital evidence is more revealing, but it is fragile; it can easily be tampered with or modified. There are different techniques available to protect the integrity of digital evidence, and different automated digital evidence acquisition tools are available in the market. In this paper, we analyze two automated tools (EnCase and FTK Imager) that are used for disk imaging. These tools claim to protect the integrity of digital evidence. We analyze the techniques they use, discuss the problems with their approaches, and propose a solution to address those problems. A prototype of an automated tool implementing the proposed solution has been developed.
Shah, Makhdoom Syed Muhammad Baqir; Saleem, Shahzad; and Zulqarnain, Roha, "Protecting Digital Evidence Integrity and Preserving Chain of Custody," Journal of Digital Forensics, Security and Law: Vol. 12, Article 12.
Available at: https://commons.erau.edu/jdfsl/vol12/iss2/12