FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W1584130572> ?p ?o ?g. }

• W1584130572 abstract "The reliability of digital evidence is an important consideration in legal cases requiring sound validation. To ensure its reliability, digital evidence requires the adoption of reliable processes for the acquisition, preservation, and analysis of digital data. To undertake these tasks, the courts expect digital forensic practitioners to possess specialised skills, experience, and use sound forensic tools and processes. The courts require that the reliability of digital evidence can be verified with supporting documentation; notably acquisition process logs and a chain of custody register, confirming that the process of recovering and protecting the evidence was based on sound scientific principles. In typical cases the digital evidence has been ‘preserved’ in a special file or ‘container’ that has been declared to be secure on the basis that it is not possible to tamper with the contents of the container or the information supporting the contents (metadata) without this act being discovered. However, through the use of a freely available open source library, libewf, it has been discovered that the most commonly used forensic container format, Encase Evidence File Format, also known by its file extension .E01, can be manipulated to circumvent validation by forensic tools. This digital forensic container contains an embedded forensic image of the acquired device and metadata fields containing information about the data that was acquired, the circumstances of the acquisition, and details about the device from which the forensic image was acquired. It has been found that both the forensic image and the metadata associated with that image can be freely altered using simple file editors and open source software. Exploiting these weaknesses within the Encase Evidence File format results in a forensic container that can be altered but fails to provide any evidence that this has occurred. In practice the original device is often unavailable, damaged, or otherwise unable to provide independent validation of the data held in the container. In such situations, it would be difficult, if not impossible, to determine which of two forensic containers held the original record of the evidence. As part of a proof of concept, existing libewf code was manipulated to allow for legitimate metadata to be attached to a compromised and altered forensic image with recalculated hashes and data integrity checksums. Without incontrovertible records of the original data’s hash value, this manipulation might only be detected by an independent third party holding a copy of the original forensic container’s metadata and hashes for comparison. While hashes and metadata held by an interested party could also potentially be altered or declared unreliable, an uninterested party would be able to provide a more reliable set of hashes that could be used to validate the unaltered container. In order to add to the body of knowledge supporting digital forensics as a scientific discipline this research has brought into question a fundamental assumption about the reliability of a fundamental method currently used to collect and validate digital evidence. Further research is required to determine the whether processes can be designed to enhance the detection of contaminated images." @default.
• W1584130572 created "2016-06-24" @default.
• W1584130572 creator A5018513256 @default.
• W1584130572 date "2014-01-01" @default.
• W1584130572 modified "2023-09-26" @default.
• W1584130572 title "Validation of forensic images for assurance of digital evidence integrity" @default.
• W1584130572 cites W134076915 @default.
• W1584130572 cites W1482195127 @default.
• W1584130572 cites W1487000866 @default.
• W1584130572 cites W1488043155 @default.
• W1584130572 cites W1488505771 @default.
• W1584130572 cites W1505526238 @default.
• W1584130572 cites W1534992827 @default.
• W1584130572 cites W1557321694 @default.
• W1584130572 cites W1565792826 @default.
• W1584130572 cites W1578425966 @default.
• W1584130572 cites W185406290 @default.
• W1584130572 cites W1947796688 @default.
• W1584130572 cites W1968389182 @default.
• W1584130572 cites W1986896180 @default.
• W1584130572 cites W2006275091 @default.
• W1584130572 cites W2010573219 @default.
• W1584130572 cites W2024418162 @default.
• W1584130572 cites W2031567282 @default.
• W1584130572 cites W2063741633 @default.
• W1584130572 cites W206858312 @default.
• W1584130572 cites W2076342816 @default.
• W1584130572 cites W2077264835 @default.
• W1584130572 cites W2092931613 @default.
• W1584130572 cites W2103239853 @default.
• W1584130572 cites W2111175494 @default.
• W1584130572 cites W2114264293 @default.
• W1584130572 cites W2116666322 @default.
• W1584130572 cites W2119512023 @default.
• W1584130572 cites W2125767749 @default.
• W1584130572 cites W2129107188 @default.
• W1584130572 cites W2156350103 @default.
• W1584130572 cites W2156849122 @default.
• W1584130572 cites W2160613996 @default.
• W1584130572 cites W2165064433 @default.
• W1584130572 cites W2165722596 @default.
• W1584130572 cites W2166362740 @default.
• W1584130572 cites W2169049929 @default.
• W1584130572 cites W2300682923 @default.
• W1584130572 cites W2478929913 @default.
• W1584130572 cites W2620696657 @default.
• W1584130572 cites W2678071009 @default.
• W1584130572 cites W2887878085 @default.
• W1584130572 cites W2895886292 @default.
• W1584130572 cites W3124023271 @default.
• W1584130572 cites W560342346 @default.
• W1584130572 cites W598294359 @default.
• W1584130572 cites W81446809 @default.
• W1584130572 cites W1546759463 @default.
• W1584130572 cites W1568447856 @default.
• W1584130572 hasPublicationYear "2014" @default.
• W1584130572 type Work @default.
• W1584130572 sameAs 1584130572 @default.
• W1584130572 citedByCount "0" @default.
• W1584130572 crossrefType "dissertation" @default.
• W1584130572 hasAuthorship W1584130572A5018513256 @default.
• W1584130572 hasConcept C111919701 @default.
• W1584130572 hasConcept C115961682 @default.
• W1584130572 hasConcept C121332964 @default.
• W1584130572 hasConcept C127413603 @default.
• W1584130572 hasConcept C136764020 @default.
• W1584130572 hasConcept C154945302 @default.
• W1584130572 hasConcept C163258240 @default.
• W1584130572 hasConcept C199360897 @default.
• W1584130572 hasConcept C2522767166 @default.
• W1584130572 hasConcept C2781018962 @default.
• W1584130572 hasConcept C2781357168 @default.
• W1584130572 hasConcept C38652104 @default.
• W1584130572 hasConcept C41008148 @default.
• W1584130572 hasConcept C42781572 @default.
• W1584130572 hasConcept C43214815 @default.
• W1584130572 hasConcept C556601545 @default.
• W1584130572 hasConcept C56666940 @default.
• W1584130572 hasConcept C62520636 @default.
• W1584130572 hasConcept C78519656 @default.
• W1584130572 hasConcept C84418412 @default.
• W1584130572 hasConcept C93518851 @default.
• W1584130572 hasConcept C9417928 @default.
• W1584130572 hasConcept C98045186 @default.
• W1584130572 hasConceptScore W1584130572C111919701 @default.
• W1584130572 hasConceptScore W1584130572C115961682 @default.
• W1584130572 hasConceptScore W1584130572C121332964 @default.
• W1584130572 hasConceptScore W1584130572C127413603 @default.
• W1584130572 hasConceptScore W1584130572C136764020 @default.
• W1584130572 hasConceptScore W1584130572C154945302 @default.
• W1584130572 hasConceptScore W1584130572C163258240 @default.
• W1584130572 hasConceptScore W1584130572C199360897 @default.
• W1584130572 hasConceptScore W1584130572C2522767166 @default.
• W1584130572 hasConceptScore W1584130572C2781018962 @default.
• W1584130572 hasConceptScore W1584130572C2781357168 @default.
• W1584130572 hasConceptScore W1584130572C38652104 @default.
• W1584130572 hasConceptScore W1584130572C41008148 @default.
• W1584130572 hasConceptScore W1584130572C42781572 @default.
• W1584130572 hasConceptScore W1584130572C43214815 @default.
• W1584130572 hasConceptScore W1584130572C556601545 @default.

• next