Abstract
This paper describes the design of an integrity-aware Forensic Evidence Management System (FEMS). The well-known Biba integrity model is employed to preserve and reason about the integrity of stored evidence. Casey’s certainty scale provides the integrity classification scheme needed to apply the Biba model. The paper also discusses the benefits of using an integrity-aware system for managing digital evidence.
References
AccessData, Forensic Toolkit (FTK) (http://www.accessdata.com).
Aprisma, Event correlation in Spectrum and other commercial products (http://www.aprisma.com/literature/white-papers/wp0551.pdf), 2000.
K. Burden and C. Palmer, Cyber crime — A new breed of criminal? Computer Law and Security Report, vol. 19(3), pp. 222–227, 2003.
L. Burns, J. Hellerstein, S. Ma, C. Perng, D. Rabenhorst and D. Taylor, Towards discovery of event correlation rules, Proceedings of the IEEE/IFIP International Symposium on Integrated Network Management, pp. 345–359, 2001.
E. Casey, Error, uncertainty and loss in digital evidence, International Journal of Digital Evidence, vol. 1(2), 2002.
H. Doernemann, Tool-based risk management made practical, Proceedings of the IEEE Joint Conference on Requirements Engineering, p. 192, 2002.
D. Forte, The art of log correlation: Tools and techniques for correlating events and log files, Computer Fraud and Security, pp. 7–11, June 2004.
L. Gordon, M. Loeb, W. Lucyshyn and R. Richardson, 2006 CSI/FBI Computer Crime and Security Survey, Computer Security Institute (http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI2006.pdf), 2006.
S. Harris, CISSP Certification, McGraw-Hill Osborne, Emeryville, California, 2005.
C. Hosmer, Proving the integrity of digital evidence with time, International Journal of Digital Evidence, vol. 1(1), pp. 1–7, 2002.
R. Morris, Options in computer forensic tools, Computer Fraud and Security, pp. 8–11, November 2002.
A. Muscat, A log-analysis-based intrusion detection system for the creation of a specification-based intrusion prevention system, Proceedings of the University of Malta Annual Computer Science Research Workshop, 2003.
National Institute of Standards and Technology (NIST), National Software Reference Library (http://www.nsrl.nist.gov).
C. Pfleeger and S. Lawrence-Pfleeger, Security in Computing, Prentice Hall, Upper Saddle River, New Jersey, 2003.
B. Smith, Thinking about security monitoring and event correlation (http://www.lurhq.com/confarticle.htm).
P. Stephenson, The right tools for the job, Digital Investigation, vol. 1(1), pp. 24–27, 2004.
H. Tipton, Integrity models (http://www.ccert.edu.cn/education/cissp/hism/023-026.html).
J. Tudor, Information Security Architecture: An Integrated Approach to Security in the Organization, Auerbach/CRC Press, Boca Raton, Florida, 2001.
Copyright information
© 2007 International Federation for Information Processing
About this paper
Cite this paper
Arthur, K., Olivier, M., Venter, H. (2007). Applying The Biba Integrity Model to Evidence Management. In: Craiger, P., Shenoi, S. (eds) Advances in Digital Forensics III. DigitalForensics 2007. IFIP — The International Federation for Information Processing, vol 242. Springer, New York, NY. https://doi.org/10.1007/978-0-387-73742-3_22
DOI: https://doi.org/10.1007/978-0-387-73742-3_22
Publisher Name: Springer, New York, NY
Print ISBN: 978-0-387-73741-6
Online ISBN: 978-0-387-73742-3
eBook Packages: Computer Science, Computer Science (R0)