Protecting Digital Evidence Integrity by Using Smart Cards

RFC 3227 provides general guidelines for digital evidence collection and archiving, while the International Organization on Computer Evidence offers guidelines for best practice in the digital forensic examination. In the light of these guidelines we will analyze integrity protection mechanism provided by EnCase and FTK which is mainly based on Message Digest Codes (MDCs). MDCs for integrity protection are not tamper proof, hence they can be forged. With the proposed model for protecting digital evidence integrity by using smart cards (PIDESC) that establishes a secure platform for digitally signing the MDC (in general for a whole range of cryptographic services) in combination with Public Key Cryptography (PKC), one can show that this weakness might be overcome.

[1]  Tom Killalea,et al.  Guidelines for Evidence Collection and Archiving , 2002, RFC.

[2]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[3]  Marc Stevens,et al.  Fast Collision Attack on MD5 , 2006, IACR Cryptol. ePrint Arch..

[4]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[5]  Jian Guo,et al.  Preimages for Step-Reduced SHA-2 , 2009, IACR Cryptol. ePrint Arch..

[6]  Sangjin Lee,et al.  Digital evidence collection process in integrity and memory information gathering , 2005, First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05).