• DocumentCode
    3233951
  • Title

    Digital evidence collection process in integrity and memory information gathering

  • Author

    Lee, Seokhee ; Kim, Hyunsang ; Lee, Sangjin ; Lim, Jongin

  • Author_Institution
    Center for Inf. Security Technol., Korea Univ., Seoul, South Korea
  • fYear
    2005
  • fDate
    7-9 Nov. 2005
  • Firstpage
    236
  • Lastpage
    247
  • Abstract
    In this paper, we inspect the general digital evidence collection process according to the RFC3227 document, and establish specific steps for guaranteeing the integrity of digital evidence and for memory information collection. EnCase™, which was used globally, has a weakness in that the MDC value of digital evidence can be modified; hence we propose an MDC public system, a MAC system and a public authentication system with PKI as countermeasures, and we explain the details of each system. In addition, we add a memory dump process to the existing digital evidence collection process, and examine privacy information by dumping a real user's memory and collecting the pagefile, which is part of the virtual memory system.
  • Keywords
    data integrity; data privacy; message authentication; public key cryptography; virtual storage; EnCase; MAC system; MDC public system; PKI; RFC3227 document; digital evidence collection process; memory dump process; memory information collection; public authentication system; virtual memory system; Authentication; Clocks; Computer crime; Conferences; Cryptography; Forensics; Guidelines; Information security; Layout; Privacy;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Systematic Approaches to Digital Forensic Engineering, 2005. First International Workshop on
  • Print_ISBN
    0-7695-2478-8
  • Type

    conf

  • DOI
    10.1109/SADFE.2005.9
  • Filename
    1592536