Indexing Information for Data Forensics
Summary:
Computer forensics deals with methods for extracting digital evidence after a computer crime has been committed. Typically, such crimes involve modifying documents, databases, and other data structures to an attacker’s advantage. Examples could include a student changing a grade in a registrar’s database, a dishonest speculator altering online financial data for a certain company, an identity thief modifying personal information of a victim, or a computer intruder altering system logs to mask a virus infection. It would be ideal in such cases if an investigator could identify, after the fact, which pieces of information were changed and, in so doing, be able to implicate the attacker.

In the rest of this section, we describe our motivation, model, and related work, and we summarize our contributions. But before doing so, we briefly give a simplified and intuitive overview of what this paper is about.

A cryptographic one-way hash is a commonly used way of detecting unauthorized or otherwise malicious modification of a file or other digital object (e.g., [5, 44, 62], to mention a few of many examples). This is done by storing a keyed cryptographic hash of the item and using it later as a reference for comparison. This paper is about going beyond the yes/no afforded by this common use of cryptographic hashes: given n items, we now seek to store as few hashes as possible so as to enable the pinpointing of which of these n items were modified (by comparing the computed hashes to the stored hash values). Of course a hash is now applied to (a concatenation of) a subset of the n items. But which subsets, and how many of them, are needed so as to pinpoint the modifications of up to d of the n items?
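The simplest instance of the question posed above, d = 1, as an added example (not the paper's construction or the authors' code): keyed hashes over subsets chosen by the bits of each item's index pinpoint one modified item among n using 2·⌈log2 n⌉ stored tags. The key, the sample records, and all function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key, assumed kept secret

def subset_tag(items, indices, key=KEY):
    """Keyed hash over an unambiguous concatenation of the chosen items."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for i in indices:
        # Index and length prefixes stop bytes sliding between neighbours.
        mac.update(i.to_bytes(4, "big") + len(items[i]).to_bytes(8, "big"))
        mac.update(items[i])
    return mac.digest()

def subsets(n):
    """Per bit position b: indices with bit b clear, then indices with bit b set."""
    bits = max(1, (n - 1).bit_length())
    return [[i for i in range(n) if (i >> b) & 1 == v]
            for b in range(bits) for v in (0, 1)]

def make_index(items):
    """Store 2*ceil(log2 n) tags instead of n."""
    return [subset_tag(items, s) for s in subsets(len(items))]

def locate_change(items, stored):
    """Return None (no change) or the index of the single modified item."""
    groups = subsets(len(items))
    failed = [not hmac.compare_digest(subset_tag(items, s), t)
              for s, t in zip(groups, stored)]
    if not any(failed):
        return None
    index = 0
    for b in range(len(groups) // 2):
        clear, is_set = failed[2 * b], failed[2 * b + 1]
        if clear == is_set:
            # Both or neither half failed: not explainable by one changed item.
            raise ValueError("more than one item (or the index) was modified")
        index |= is_set << b
    return index

if __name__ == "__main__":
    records = [b"record-%d" % i for i in range(8)]  # constructed sample data
    index = make_index(records)
    records[5] = b"record-5 (altered)"
    print(len(index), "tags stored; modified item:", locate_change(records, index))
```

Each failing tag contributes one bit of the modified item's index; a pair in which both tags fail means at least two items changed, which this d = 1 scheme reports but cannot resolve.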
Pages: 16
Size: 267 kb
Author: Michael T. Goodrich, Mikhail J. Atallah, and Roberto Tamassia
