DocumentCode :
3233951
Title :
Digital evidence collection process in integrity and memory information gathering
Author :
Lee, Seokhee ; Kim, Hyunsang ; Lee, Sangjin ; Lim, Jongin
Author_Institution :
Center for Inf. Security Technol., Korea Univ., Seoul, South Korea
fYear :
2005
fDate :
7-9 Nov. 2005
Firstpage :
236
Lastpage :
247
Abstract :
In this paper, we inspect the general digital evidence collection process according to the RFC3227 document, and establish specific steps for guaranteeing the integrity of digital evidence and for memory information collection. EnCase™, which was used globally, has a weakness in that the MDC value of digital evidence can be modified; hence we propose an MDC public system, a MAC system and a public authentication system with PKI as countermeasures, and we explain the details of each system. In addition, we add a memory dump process to the existing digital evidence collection process, and examine privacy information by dumping a real user's memory and collecting the pagefile, which is part of the virtual memory system.
Keywords :
data integrity; data privacy; message authentication; public key cryptography; virtual storage; EnCase; MAC system; MDC public system; PKI; RFC3227 document; digital evidence collection process; memory dump process; memory information collection; public authentication system; virtual memory system; Authentication; Clocks; Computer crime; Conferences; Cryptography; Forensics; Guidelines; Information security; Layout; Privacy;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Systematic Approaches to Digital Forensic Engineering, 2005. First International Workshop on
Print_ISBN :
0-7695-2478-8
Type :
conf
DOI :
10.1109/SADFE.2005.9
Filename :
1592536