Integrity and Fidelity Evaluation of Digital Evidence in Live Forensics


Abstract:

The integrity and fidelity of digital evidence are critical in live forensics. Previous research has studied the uncertainty of live forensics by comparing different memory snapshots. In practice, however, this approach is of limited use: memory images are usually acquired with forensic tools rather than taken as snapshots. The integrity and fidelity of live evidence should therefore be evaluated during the acquisition process itself. In this paper we adopt a new viewpoint: memory acquisition can be regarded as a measurement of memory data. From this viewpoint we evaluate the integrity and fidelity of live evidence during the acquisition of physical memory. First, several definitions of memory acquisition measurement error are introduced to describe the trustworthiness of the acquired evidence. Then we analyze the experimental error and propose suggestions on how to reduce it. A novel method is also developed to calculate the system error in detail. The results of a case study on Windows 7 and a VMware virtual machine show that the experimental error has good accuracy and precision, which demonstrates the efficacy of the proposed reduction methods. The system error is also evaluated; it accounts for 30% to 50% of the whole error. Finally, a method is proposed to calculate the changes or error of system processes.


Pages: 90-99

Online since: June 2014

Copyright: © 2014 Trans Tech Publications Ltd. All Rights Reserved

