Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)


Evidence is the key to solve any crime. Evidence integrity needs to be protected in order to make it admissible in the court of law. Digital evidence is more revealing, but it is fragile; it can easily be tampered with or modified. There are different techniques available to protect the integrity of digital evidence. Different automated digital evidence acquisition tools are available in the market. In this paper, we have analyzed two automated tools (EnCase and FTK Imager) that are used for disk imaging. These tools claim to protect the integrity of digital evidence. The techniques used by these tools are analyzed in this paper. Problems with their approaches are discussed and a solution is proposed to address the problems. A prototype of an automated tool is developed with an implementation of the proposed solution.


Aoki, K., Guo, J., Matusiewicz, K., Sasaki, Y., & Wang, L. (2009). Preimages for stepreduced SHA-2. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5912 LNCS, pp. 578–597). http://doi.org/10.1007/978-3-642-10366- 7_34

Brezinski, D., & Killalea, T. (2002). RFC 3227 Guidelines for Evidence Collection and Archiving Status. Rfc, 1–10.

Did Mesa Police Botch The Arias Case? (n.d.). Retrieved December 22, 2016, from http://evidencesolutions.com/web/index.p hp/Digital-Evidence-Articles/did-mesapolice- botch-the-arias-case-computerforensics. html

Electronic evidence anchors porn case - CNET. (n.d.). Retrieved December 22, 2016, from https://www.cnet.com/news/electronicevidence- anchors-porn-case/

Enfsi. (2009). Guidelines for Best Practice in the Forensic - United Kingdon. Science, (April), 1–30.

Guidance Software. (2016). EnCase Forensic Software - Top Digital Investigations Solution. Retrieved from https://www.guidancesoftware.com/encaseforensic

Lee, S., Kim, H., Lee, S., & Lim, J. (2005). Digital evidence collection process in integrity and memory information gathering. In Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering (Vol. 2005, pp. 236–247). http://doi.org/10.1109/SADFE.2005.9

Product Download. (2014). Retrieved from http://accessdata.com/productdownload/ digital-forensics

Robshaw, M. (1996). On recent results for MD2, MD4 and MD5. RSA Laboratories Bulletin, 4, 2–7. Retrieved from http://scholar.google.com/scholar?hl=en& btnG=Search&q=intitle:On+Recent+Resu lts+for+MD2,+MD4+and+MD5#0%5Cnh ttp://scholar.google.com/scholar?hl=en&bt nG=Search&q=intitle:On+recent+results+ for+MD2,+MD4+and+MD5#0

Saleem, S., & Popov, O. (2011). Protecting digital evidence integrity by using smart cards. In Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST (Vol. 53, pp. 110–119). http://doi.org/10.1007/978-3-642-19513- 6_9

Saleem, S., Popov, O., & Bagilli, I. (2014). Extended abstract digital forensics model with preservation and protection as umbrella principles. Procedia - Procedia Computer Science, 35, 812–821. http://doi.org/10.1016/j.procs.2014.08.246

Smartcard Alliance, & Alliance, S. (2014). About Smart Cards : Introduction : Primer - Smart Card Alliance. Retrieved from http://www.smartcardalliance.org/smartcards- intro-primer/

Wang, X., Yin, Y. L., & Yu, H. (2005). Finding Collisions in the Full SHA-1. In Advances in Cryptology – CRYPTO 2005 (pp. 17–36). http://doi.org/10.1007/11535218_2

Wang, X., & Yu, H. (2005). How to Break MD5 and Other Hash Functions. In Advances in Cryptology – EUROCRYPT 2005 (pp. 19–35). http://doi.org/10.1007/11426639_2

Xie, T., Liu, F., & Feng, D. (2006). Fast collision attack on MD5. IACR ePrint Archive Report, 104, 17. http://doi.org/



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.