Evaluation of security methods for ensuring the integrity of digital evidence

The omnipresence of e-services running on various instances of pervasive e-infrastructures that are fundamental to the contemporary information society generates an abundance of digital evidence. The evidence in a digital form stems from a myriad of sources ranging from stand alone computers and their volatile and non-volatile storages, to mobile small scale digital devices, network traffic, ever-present applications comprising social networks, ISP records, logs, Web pages, databases and both global and local information systems. The acquisition and the analysis of this evidence is crucial to understanding and functioning of the digital world, regardless of the positive or negative implications of the actions and the activities that generated the evidence. In the case of the later, when the evidence comes from illegal, illicit and malicious activities, the protection of digital evidence is of major concern for the law enforcement and legal institutions, namely for investigators and prosecutors. To protect the integrity of the digital evidence, a number of security methods are used. These methods differ in terms of performance, accuracy, security levels, computational complexity, potential errors and the statistical admissibility of the produced results, as well as the vulnerabilities to accidental or malicious modifications. The work presented deals with the evaluation of these security methods in order to study and understand their “goodness” and suitability to protect the integrity of the digital evidence. The immediate outcome of the evaluation is a set of recommendations to be considered for selecting the right algorithm to protect integrity of the digital evidence in general.