Research Article

Safeguarding Forensic Integrity of Virtual Environment Evidence

by Uchenna Peter Daniel, Gregory Epiphaniou
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 82 - Number 6
Year of Publication: 2013
Authors: Uchenna Peter Daniel, Gregory Epiphaniou
DOI: 10.5120/14123-2240

Uchenna Peter Daniel, Gregory Epiphaniou. Safeguarding Forensic Integrity of Virtual Environment Evidence. International Journal of Computer Applications. 82, 6 (November 2013), 43-52. DOI=10.5120/14123-2240

@article{ 10.5120/14123-2240,
author = { Uchenna Peter Daniel and Gregory Epiphaniou },
title = { Safeguarding Forensic Integrity of Virtual Environment Evidence },
journal = { International Journal of Computer Applications },
issue_date = { November 2013 },
volume = { 82 },
number = { 6 },
month = { November },
year = { 2013 },
issn = { 0975-8887 },
pages = { 43-52 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume82/number6/14123-2240/ },
doi = { 10.5120/14123-2240 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:57:06.621249+05:30
%A Uchenna Peter Daniel
%A Gregory Epiphaniou
%T Safeguarding Forensic Integrity of Virtual Environment Evidence
%J International Journal of Computer Applications
%@ 0975-8887
%V 82
%N 6
%P 43-52
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Virtual machine technology has emerged with powerful features, offering several benefits and promising revolutionary outcomes. It combines into one package several computing concepts, such as resource management, emulation, time-sharing, isolation and partitioning. These features have made evidence acquisition and preservation difficult and in some cases unfeasible. As a result, conventional approaches to integrity preservation have not yielded the results required to facilitate acceptability. Subjects around virtualization forensics, its affiliation with digital evidence integrity, and its impact on admissibility have been decisively examined. Part of this discourse dwelt on recognising potential threats to the integrity and reliability of evidence from a virtual environment, specifically using VMware Virtual Machine Monitor as a case study. A theoretical framework for preserving the integrity of digital evidence from such environments is introduced. This structure highlights guidelines, processes and parameters essential for keeping the accuracy, consistency and trustworthiness of digital evidence, made possible via abstractions from the eminent integrity principles of well-formed transactions and separation of duties as proposed by Clark and Wilson. Key parameters in the model include the strength of hash functions, the number of evidence attributes, and the number of evidence cycles covered, all represented conceptually in a mathematical model. This is further consolidated with the introduction of an integrity rating factor/threshold and the definition of an integrity enforcement process in line with globally recommended standards. While work on a practical demonstration of the proposed model is still under way, the work done so far is seen to open a path for unification and amplification of the trust levels required for the admissibility of virtual environment evidence.

References
  1. IBM, "Accelerating an information-led transformation with IBM System z," IBM Systems and Technology Group, New York, White Paper 2010.
  2. Mike Duren and Chet Hosmer, "Can Digital Evidence Endure the Test of Time?," in Digital Forensics Research Workshop, New York, 2002.
  3. Fotis Tsifountidis, "Virtualization Security: Virtual Machine Monitoring and Introspection," Surrey, England, 2011.
  4. Brett Shavers, "Virtual Forensics: A Discussion of Virtual Machines Related to Forensic Analysis," 2008.
  5. Diane Barrett and Greg Kipper, Virtualization and Forensics: A Digital Forensic Investigator's Guide to Virtual Environments [eBook - PDF], electronic ed. Burlington, USA: Elsevier Inc., 2010.
  6. Brian Hay and Kara Nance, "Forensics Examination of Volatile System Data Using Virtual Introspection," Fairbanks, 2009.
  7. A Jump and B Gammage, "Emerging Technology Analysis: Hosted Virtual Desktops," Gartner Inc., White Paper G00164950, 2009.
  8. Ellen Messmer. (2009, October) Gartner: Server virtualization now at 18% of server workload. [Online]. http://www.cio.com/article/505444/
  9. Diane Barrett, "Forensic Challenges in Virtualised Environments," University of Advancing Technology, White Paper 2011.
  10. Christiaan Beek, "Virtual Forensics," Ten ICT Professionals, Paper n.d.
  11. Dave Oswald. (2007, January) Forensic Restitution. [Online]. http://www.restitution.co.za
  12. Ben Pfaff, Tal Garfinkel, and Mendel Rosenblum, "Virtualization Aware File System: Getting Beyond the Limitations of Virtual Disks," Department of Computer Science, Stanford University, California, 2006.
  13. Jasmin Cosic and Miroslav Baca, "Do We Have Full Control Over Integrity in Digital Evidence Life Cycle?," in ITI 2010 32nd International Conference on Information Technology Interfaces (ITI), Cavtat, 2010, pp. 429-434.
  14. Uchenna Peter A Daniel, Gregory Epiphaniou, and Tim French, "A Novel Evidence Integrity Preservation Framework for Virtualised Environments: A Digital Forensic Approach," in Second International Conference on Cyber Security, Cyber Peacefare and Digital Forensics (CyberSec2013), Kuala Lumpur, 2013, pp. 97-106.
  15. Peter Sommer, "Digital Evidence, Digital Investigations and E-Disclosure: A Guide to Forensic Readiness for Organizations, Security Advisers and Lawyers," Information Security Guide 2012.
  16. Bradley Schatz, "Digital Evidence: Representation and Assurance," Queensland University of Technology, Queensland, PhD Thesis 2007.
  17. S Vanstone, P Van Oorschot, and A Menezes, Handbook of Applied Cryptography. CRC Press, 1997.
  18. Chet Hosmer, "Proving the Integrity of Digital Evidence with Time," International Journal of Digital Evidence, vol. I, no. 1, pp. 1-7, 2002.
  19. Christopher James Hargreaves, "Assessing the Reliability of Digital Evidence from Live Investigations involving encryption," UK, 2009.
  20. Derek Bem and Ewa Huebner, "Computer Forensic Analysis in a Virtual Environment," International Journal of Digital Evidence, vol. VI, no. 2, pp. 1-13, 2007.
  21. Uchenna Peter Daniel, "A Framework for Evidence Integrity Preservation in Virtualized Environment: A Digital Forensic Approach," London, MSc. Thesis 2012.
  22. Patty Bates, "The Rising Impact of Virtual Machine Hypervisor Technology on Digital Forensics Investigation," Information Systems Audit and Control Association, vol. 6, pp. 47-50, 2009.
  23. Chris Reed, "The Admissibility and Authentication of Computer Evidence - A Confusion of Issues," in 5th BILETA Conference of British and Irish Legal Technology Association, 2005, pp. 1-9.
  24. Simson Garfinkel, "Anti-Forensics: Techniques, Detection and Countermeasures," in 2nd International Conference on i-Warfare and Security, California, USA, 2007, pp. 77-84.
  25. Sasa Mrdovic, Alvin Huseinovic, and Ernedin Zajko, "Combining Static and Live Digital Forensic Analysis in Virtual Environment," in XXII International Symposium on Information, Communication and Automation Technologies 2009 (ICAT 2009), 2009, pp. 1-6.
  26. B Carrier and E H Spafford, "Getting Physical with the Digital Investigation Process," Digital Evidence, vol. 2, no. 2, 2003.
  27. J S Vaughan-Nichols, "Virtualization Sparks Security Concerns," Computer, vol. 41, no. 8, pp. 13-15, August 2008.
  28. Matt Healey, Cushing Anderson, and John Humphreys, "IDC: Analyze the future," Massachusetts, IBM Virtualization Services 2008.
  29. W3C. (2011, June) A W3C Organization Website: Geolocation API Specification. [Online]. http://dev.w3.org/geo/api/spec-source.html
  30. Kweku K Arthur, Martin S Olivier, Hein S Venter, and Jan H. P. Eloff, "Considerations Towards a Cyber Crime Profiling System," in Third International Conference on Availability, Reliability and Security, 2008 (ARES 08), 2008, pp. 1388-1393.
  31. C P Pfleeger and S L Pfleeger, Security in Computing, 3rd ed. Prentice Hall, 2003.
  32. E Casey, "Digital Evidence maps - A sign of times," Digital Investigation, Elsevier, pp. 1-2, 2007.
  33. Sonya Q Blake. (2000, May) The Clark-Wilson Security Model. Document.
  34. FIPS PUB 180-3 NIST, "Secure Hash Standard (SHS)," Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, Technology Standard 2008.
  35. Dieter Gollmann, "Computer Security," in Computer Security. West Sussex: John Wiley and Sons, Ltd, 2011, p. 258.
  36. Quynh Dang. (2011, September) Recommendation for Applications using approved hash algorithms. [Online]. csrc.nist.gov/publications/. /800-107/Draft_Revised_SP800-107.pdf
  37. Jasmin Cosic and Miroslav Baca, "(Im)Proving Chain of Custody and Digital Evidence Integrity with Time Stamp," in MIPRO, 2010 Proceedings of the 23rd International Convention, 2010, pp. 1226-1230.
  38. S Saleem, O Popov, and R Dahman, "Evaluation of security methods for ensuring the integrity of digital evidence," in 2011 International Conference on Innovations in Information Technology (IIT), 2011, pp. 220-225.
  39. Brian D Carrier and Eugene H Spafford. (2004) An Event-Based Digital Forensic Investigation Framework.
  40. J S Vaughan-Nichols, "Virtualization Sparks Security Concerns," Computer, vol. 41, no. 8, pp. 13-14, 2008.
  41. Matt Healey, Cushing Anderson, and John Humphreys, "IDC: Analyze the Future," Massachusetts, IBM Virtualization Services 2008.
  42. R Rogers and K Seigfried, "The Future of computer forensics: A needs analysis survey," Computers and Security, vol. 23, no. 1, pp. 12-16, February 2004.
  43. Richard Boddington, Valerie Hobbs, and Graham Mann, "Validating digital evidence for legal argument," in Proceedings of the 6th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia, 2008, pp. 1-17.
  44. J D Durick. (2011, May) Virtual Machine Files Essential to Forensic Investigations. Document.
  45. C Miller, "Electronic Evidence - Can you prove the transaction took place," Computer Lawyer, pp. 21-33, 1992.
  46. E. Casey, "Error, Uncertainty, and Loss in digital evidence," International Journal for Digital Evidence, 1998.
Index Terms

Computer Science
Information Sciences

Keywords

Evidential Integrity Virtualisation Machine Forensics Evidence Reliability VMware evidence Integrity Preservation