Two-Step Injection Method for Collecting Digital Evidence in Digital Forensics

Nana Rachmana Syambas, Naufal El Farisi

Abstract


In digital forensic investigations, the investigators take digital evidence from computers, laptops or other electronic goods. There are many complications when a suspect or related person does not want to cooperate or has removed digital evidence. A lot of research has been done with the goal of retrieving data from flash memory or other digital storage media from which the content has been deleted. Unfortunately, such methods cannot guarantee that all data will be recovered. Most data can only be recovered partially and sometimes not perfectly, so that some or all files cannot be opened. This paper proposes the development of a new method for the retrieval of digital evidence called the Two-Step Injection method (TSI). It focuses on the prevention of the loss of digital evidence through the deletion of data by suspects or other parties. The advantage of this method is that the system works in secret and can be combined with other digital evidence applications that already exist, so that the accuracy and completeness of the resulting digital evidence can be improved. An experiment to test the effectiveness of the method was set up. The developed TSI system worked properly and had a 100% success rate.






DOI: http://dx.doi.org/10.5614%2Fitbj.ict.res.appl.2014.8.2.5



Contact Information:

ITB Journal Publisher, LPPM – ITB, 

Center for Research and Community Services (CRCS) Building Floor 7th, 
Jl. Ganesha No. 10 Bandung 40132, Indonesia,

Tel. +62-22-86010080,

Fax.: +62-22-86010051;

e-mail: jictra@lppm.itb.ac.id.