Two-Step Injection Method for Collecting Digital Evidence in Digital Forensics

Authors

  • Nana Rachmana Syambas Telematics Laboratory, School of Electrical and Informatics Engineering, Institut Teknologi Bandung, Jl. Ganesha No. 10, Bandung 40132, Indonesia
  • Naufal El Farisi Telematics Laboratory, School of Electrical and Informatics Engineering, Institut Teknologi Bandung, Jl. Ganesha No. 10, Bandung 40132, Indonesia

DOI:

https://doi.org/10.5614/itbj.ict.res.appl.2014.8.2.5

Abstract

In digital forensic investigations, the investigators take digital evidence from computers, laptops or other electronic goods. There are many complications when asuspect or related person does not want to cooperate or has removed digital evidence. Alot of research has been done with the goal of retrieving data from flash memory orother digital storage media from which the content has been deleted. Unfortunately,such methods cannot guarantee that all data will be recovered. Most data can only berecovered partially and sometimes not perfectly, so that some or all files cannot beopened. This paper proposes the development of a new method for the retrieval ofdigital evidence called the Two-Step Injection method (TSI). It focuses on theprevention of the loss of digital evidence through the deletion of data by suspects orother parties. The advantage of this method is that the system works in secret and can becombined with other digital evidence applications that already exist, so that theaccuracy and completeness of the resulting digital evidence can be improved. Anexperiment to test the effectiveness of the method was set up. The developed TSIsystem worked properly and had a 100% success rate.

References

Psaroudakis, I., Katos, V., Saragiotis, P. & Mitrou, L., A Method for Forensic Artifact Collection, Analysis and Incident Response in Environments Running Session Initiation Protocol and Session Description Protocol, Int. J. of Electronic Security and Digital Forensics, 6(4), pp. 241-267, 2014.

Casey, E., Error, Uncertainty and Loss in Digital Evidence. International Journal of Digital Evidence, 1(2), pp. 1-45, 2002.

Casey, E. & Stellatos, The Impact of Full Disk Encryption on Digital Forensics. ACM SIGOPS Operating Systems Review, 423, pp. 93-98,

Carrier, B., Defining Digital Forensics Examination and Analysis Tools. Digital Research Workshop II, Syracuse New York, pp. 1-10, 2002.

Carrier, B., Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers, International Journal of Digital Evidence, 1(4), pp. 1-12, 2003.

Sindhu, K.K. & Meshram, B.B., Digital Forensics and Cyber Crime Datamining, Journal of Information Security, 3, pp. 196-201, 2012.

Hou, S., Yiu, S.M., Uehara, T. & Sasaki, R., A Privacy-Preserving Approach for Collecting Evidence in Forensic Investigation, International Journal of Cyber-Security and Digital Forensics (IJCSDF), 2(1), pp. 70-78, 2013.

Casey, E., Handbook of Digital Forensics and Investigation. Elsevier Academic Press, California USA, 2010.

Nikkel, B.J., Fostering Incident Response and Digital Forensics Research, Elsevier, Digital Investigation, 11(4), pp.249-251, 2014.

Birajdar, G.K. & Mankar, V.H., Digital Image Forgery Detection Using Passive Techniques: A Survey, Elsevier, Digital Investigation, 10(3), pp. 226-245, 2013.

Lim, K.S. & Lee, C., A Framework for Unified Digital Evidence Management in Security Convergence, Electronic Commerce Research, 13(3), pp. 379-398, 2013.

Pladna, B., Computer Forensics Procedures, Tools, and Digital Evidence Bags, East Carolina University USA, ICTN6870, 2009.

Karayianni, S., Katos, V. & Giorgiadis, C.K., A Framework for Password Harvesting From Volatile Memory, Int. J. of Electronic Security and Digital Forensics, 4(2/3), pp. 154-163, 2012.

Martini, B. & Choo, K.R., An Integrated Conceptual Digital Forensic Framework for Cloud Computing, Elsevier, Digital Investigation, 9(2), pp. 71-80, 2012.

Vacca, J R., Computer Forensics-Computer CrimeScene Investigation, Charles River Media Inc., 2002.

Grobler, M., The Need for Digital Evidence Standardisation, International Journal of Digital Crime and Forensic, 4(2), pp. 1-12, 2012.

Harrison, W., The Digital Detective: an Introduction to Digital Forensics, Advances in Computers, Vol. 60, pp. 75-119, 2004.

Alharbi, S., Weber, J. & Traore, I., The Proactive and Reactive Digital Forensics Investigation Process: A Systematic Literature Review, International Journal of Security and Its Applications, 5(4), pp. 59-71, 2011.

Cecchini, S. & Gan, D., SQL Injection Attacks with the AMPA Suite, J. of Electronic Security and Digital Forensics, 5(2), pp. 139-160, 2013.

Tripathi, S. & Meshram, B.B., Digital Evidence for Database Tamper Detection, Journal of Information Security, 3, pp. 113-121, 2012.

Investigation, Federal Bureau of, Federal Rules of Evidence. Retrieved from Federal Rules of Evidence Rule 901 (Authentication and Identification Rule used for Chainof Custody): http://federalevidence.com/rules-of-evidence#Rule901 (12 August 2014).

National Library of Indonesia, Law of the Republic of Indonesia Number 11, 2008. Retrieved from: http://datahukum.pnri.go.id/undang-undang/ 2008 (12 August 2014).

Downloads

Published

2014-12-20

Issue

Section

Articles