Advertisement

State of the Art in Trusted Computing Forensics

  • Waleed Halboob
  • Ramlan Mahmod
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 179)

Abstract

The release of trusted computing (TC) technology and its features, such as full disk encryption, has had several implications on the digital forensic investigation process. Today, it is clear from the number of proposed works that trusted computing forensics is a non-trivial topic. This paper presents the state of the art in trusted computing forensics. It starts by establishing the context of the research area by introducing the concept of trusted computing. Then, it reviews the existing trusted computing forensic researches related to all of the branches of digital forensics and investigation steps. Finally, this paper discusses the current open issues and future research directions in the field of trusted computing forensics. To the best of our knowledge, this paper is the first research to investigate the state of trusted computing forensics using a classification way based on the digital forensic types and investigation steps.

Keywords

Trusted computing digital forensics TPM full disk encryption BitLocker 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    McKemmish, R.: What is forensic computing? Trends and Issues in Crime and Criminal Justices. Australian Institute of Criminology 118, 1–6 (1999)Google Scholar
  2. 2.
    Noblett, M.G., Pollitt, M.M., et al.: Recovering and Examining Computer Forensic Evidence. Forensic Science Communication 2(4) (2000)Google Scholar
  3. 3.
    Robbins, J.: An Explanation of Computer Forensics (retrieved September 20, 2011) Google Scholar
  4. 4.
    Böck, B., Huemer, D., et al.: Towards More Trustable Log Files for Digital Forensics by Means of “Trusted Computing”. In: Proceedings of the 24th IEEE International Conference on Advanced Information Networking and Applications, AINA 2010, Perth, Australia (2010)Google Scholar
  5. 5.
    Garber, L.: Computer Forensic: High-Tech Law Enforcement. IEEE Computer Society’s Computer Magazine 34(1), 22–27 (2001)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Patzakis, J.: Computer Forensics as an Integral Component of the Information Security Enterprise (2003), http://www1.stpt.usf.edu/gkearns/Articles_Fraud/computerforensics.pdf
  7. 7.
    Yasinsac, A.Y., Erbacher, R.F., et al.: Computer Forensics Education. Security & Privacy Magazine 1(4), 15–23 (2003)CrossRefGoogle Scholar
  8. 8.
    Slade, R.: Software Forensics: Collecting Evidence from the Scene of a Digital Crime. McGraw Hill, New York (2004)Google Scholar
  9. 9.
    Bitpipe, Computer Forensic (2005), http://www.bitpipe.com/tlist/Computer-Forensics.html (retrieved May 12, 2010)
  10. 10.
    Stephenson, P.: The Forensic Investigation Steps. Computer Fraud & Security (10), 17–19 (2002)Google Scholar
  11. 11.
    Mason, S.: Trusted Computing and Forensic Investigation. Digital Forensic 2(3), 4 (2005)Google Scholar
  12. 12.
    Burmester, M., Mulholland, J.: The Advent of Trusted Computing: Implications for Digital Forensics. In: ACM Symposium on Applied Computing, Dijon, France (2006)Google Scholar
  13. 13.
    Spafford, E.: Some Challenges in Digital Forensics. In: Advances in Digital Forensics II (2006)Google Scholar
  14. 14.
    Adams, C.W.: Legal Issues Pertaining to the Development of Digital Forensic Tools. In: 3rd International Workshop on Systematic Approaches to Digital Forensic Engineering, Oakland, California, USA (2008)Google Scholar
  15. 15.
    Caloyannides, M.A.: Forensics Is So "Yesterday". IEEE Security & Privacy 7(2), 18–25 (2009)CrossRefGoogle Scholar
  16. 16.
    Carrier, B.D.: Digital Forensics Works. Computing in Science and Engineering 7(2), 26–29 (2009)Google Scholar
  17. 17.
    Liles, S., Rogers, M., et al.: Survey of the Legal Issues Facing Digital Forensic Experts. In: Advances in Digital Forensics V (2009)Google Scholar
  18. 18.
    Mohay, G., Anderson, A., et al.: Computer and Intrusion Forensics. Artech House, Boston (2002)Google Scholar
  19. 19.
    Bruschi, D., Monga, M., et al.: Trusted Internet Forensics: design of a network forensics appliance. In: First IEEE/CreateNet Computer Network Forensics Research, Athens (2005)Google Scholar
  20. 20.
    Gray, A., Sallis, P., et al.: Software Forensics: Extending Authorship Analysis Techniques to Computer Programs. In: Proceedings of the 3rd Biannual Conference of the International Association of Forensic Linguists (IAFL), Durham NC, USA (1997)Google Scholar
  21. 21.
    Krsul, I., Spafford, E.H.: Authorship analysis: identifying the author of a program. Computers & Security 16(3), 233–257 (1997)CrossRefGoogle Scholar
  22. 22.
    MacDonell, S., Buckingham, D., et al.: Software Forensics: Extending Authorship Analysis Techniques to Computer Programs. Journal of Systems Research and Information Systems 13(1), 34–69 (2002)Google Scholar
  23. 23.
    Chen, R., Hong, L., et al.: Author Identification of Software Source Code with Program Dependence Graphs. In: IEEE 34th Annual Computer Software and Applications Conference Workshops, Seoul, Korea. IEEE (2010)Google Scholar
  24. 24.
    Frantzeskou, G., Gritzalis, S.: Source Code Authorship Analysis for Supporting the Cybercrime Investigation Process. In: 1st International Conference on E-Business and Telecommunication Networks, Lisboa, Portuguese (2004)Google Scholar
  25. 25.
    Benredjem, D.: Contributions to Cyber Forensics: Processes and E-Mail Analysis. In: Electronical and Computer Engineering. Concordia University, Master (2007)Google Scholar
  26. 26.
    Carrier, B., Spafford, E.H., et al.: Getting Physical with the Digital Investigation Process. International Journal of Digital Evidence 2(2), 1–20 (2003)Google Scholar
  27. 27.
    Stephenson, P.: The DFRWS Framework Classes (2003), http://people.emich.edu/pstephen/my_papers/DFRWS_Classes.PDF (retrieved March 3, 2010)
  28. 28.
    Stephenson, P.: A Comprehensive approach to digital incident investigation. Information Security Technical Report 8(8), 42–54 (2003)Google Scholar
  29. 29.
    Perumal, S.: Digital Forensic Model Based On Malaysian Investigation Process. International Journal of Computer Science and Network Security 9(8), 38–44 (2009)Google Scholar
  30. 30.
    Vidiot: The Affect of Trusted Platform Modules on Computer Forensics (2007), http://infosectech.net/msia/MBuchert_extra_credit-Affect_of_TPMs_on_%20Forensics.zip (retrieved March 20, 2010)
  31. 31.
    Lowman, S.: The effect of file and disk encryption on computer forensic (2010), http://lowmanio.co.uk/share/The%20Effect%20of%20File%20and%20Disk%20Encryption%20on%20Computer%20Forensics.pdf (retrieved March 21, 2010)
  32. 32.
    HogFly, Detecting Bit-Locker (2007), http://windowsir.blogspot.com/2007/04/drive-encryption.html (retrieved September 21, 2010)
  33. 33.
    Hunter, J.: Detecting BitLocker, http://blogs.msdn.com/b/si_team/archive/2006/10/26/detecting-bitlocker.aspx (retrieved September 20, 2010)
  34. 34.
    Hargreaves, C., Chivers, H.: Potential Impacts of Windows Vista on Digital Investigations. In: Advanced in Computer Security and Forensics, ACSF (2007)Google Scholar
  35. 35.
    Mitchell: Applying Forensic Science to Trusted Enterprise Network (2010), http://tools.ietf.org/html/draft-mitchell-nwg-00 (retrieved April 2, 2010)
  36. 36.
    Schneier, B., Kelsey, J.: Secure audit logs to support computer forensics. ACM Transactions on Information and System Security (TISSEC) 2(2), 156–176 (1999)CrossRefGoogle Scholar
  37. 37.
    Sommer, P.: Downloads, Logs and Captures: Evidence from Cyberspace. Journal of Financial Crime 5(2), 138–151 (1997)CrossRefGoogle Scholar
  38. 38.
    Hosmer, C.: Proving the Integrity of Digital Evidence with Time. International Journal of Digital Evidence 1(1), 1–7 (2002)Google Scholar
  39. 39.
    Borck, J.: Leave the cyber sleuthing to the experts (2001), http://www.infoworld.com/articles/tc/xml/01/04/09/010409tccounter.html (retrieved October 30, 2010)
  40. 40.
    Richter, J., Kuntze, N., et al.: Securing Digital Evidence. In: Fifth IEEE International Workshop on Systematic Approaches to Digital Systematic Approaches to Digital Forensic Engineering (SADFE), The Claremont Resort, Oakland, CA, USA (2010)Google Scholar
  41. 41.
    Antoniou, G., Wilson, C., Geneiatakis, D.: PPINA - A Forensic Investigation Protocol for Privacy Enhancing Technologies. In: Leitold, H., Markatos, E.P. (eds.) CMS 2006. LNCS, vol. 4237, pp. 185–195. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  42. 42.
    Antoniou, G., Gritzalis, S.: RPINA- Network Forensics Protocol Embedding Privacy Enhancing Technologies. In: IEEE International Symposium on Communications and Information Technology (ISCIT), Bangkok, Thailand (2006)Google Scholar
  43. 43.
    Antoniou, G., Sterling, L., et al.: Privacy and forensics investigation process: The ERPINA protocol. Computer Standards & Interfaces 30, 229–236 (2008)CrossRefGoogle Scholar
  44. 44.
    Olivier, M.: Forensics and Privacy-Enhancing Technologies. In: Advances in Digital Forensic, ch. 2 (2008)Google Scholar

Copyright information

© Springer Science+Business Media Dordrecht 2012

Authors and Affiliations

  1. 1.Center of Excellence in Information AssuranceKing Saud UniversityRiyadhSaudi Arabia
  2. 2.Faculty of Computer Science and Information TechnologyUniversiti Putra MalaysiaSerdangMalaysia

Personalised recommendations