Generation and Handling of Hard Drive Duplicates as Piece of Evidence

An important area in digital forensics is images of hard disks. The correct production of the images as well as the integrity and authenticity of each hard disk image is essential for the probative force of the image to be used at court. Integrity and authenticity are under suspicion as digital evidence is stored and used by software based systems. Modifications to digital objects are hard or even impossible to track and can occur even accidentally. Even worse, vulnerabilities occur for all current computing systems. Therefore, it is difficult to guarantee a secure environment for forensic investigations. But intended deletions of dedicated data of disk images are often required because of legal issues in many countries. This article provides a technical framework on the protection of the probative force of hard disk images by ensuring the integrity and authenticity using state of the art technology. It combines hardware-based security, cryptographic hash functions and digital signatures to achieve a continuous protection of the image together with a reliable documentation of the status of the device that was used for image creation. The framework presented allows to detect modifications and to pinpoint the exact area of the modification to the digital evidence protecting the probative force of the evidence at a whole. In addition, it also supports the deletion of parts of images without invalidating the retained data blocks. Keywords: digital evidence, probative force hard disk image, verifiable deletion of image data, trusted imaging softwar

Towards forensic-ready software systems

As software becomes more ubiquitous, and the risk of cyber-crimes increases, ensuring that software systems are forensic-ready (i.e., capable of supporting potential digital investigations) is critical. However, little or no attention has been given to how well-suited existing software engineering methodologies and practices are for the systematic development of such systems. In this paper, we consider the meaning of forensic readiness of software, define forensic readiness requirements, and highlight some of the open software engineering challenges in the face of forensic readiness. We use a real software system developed to investigate online sharing of child abuse media to illustrate the presented concepts

Security vs. safety: Why do people die despite good safety?

This paper will show in detail the differences between safety and security. An argument is made for new system design requirements based on a threat sustainable system (TSS) drawing on threat scanning, flexibility, command and control, system of systems, human factors and population dependencies. Principles of sustainability used in historical design processes are considered alongside the complex changes of technology and emerging threat actors. The paper recognises that technologies and development methods for safety do not work for security. Safety has the notion of a one or two event protection, but cyber-attacks are multi-event situations. The paper recognizes that the behaviour of interconnected systems and modern systems requirements for national sustainability. System security principles for sustainability of critical systems are considered in relation to failure, security architecture, quality of service, authentication and trust and communication of failure to operators. Design principles for operators are discussed along with recognition of human factors failures. These principles are then applied as the basis for recommended changes in systems design and discuss system control dominating the hierarchy of design decisions but with harmonization of safety requirements up to the level of sustaining security. These new approaches are discussed as the basis for future research on adaptive flexible systems that can sustain attacks and the uncertainty of fast-changing technology

The Manuka Project

this paper inte rest will be stimulated to provide these researchers further ide as for use and enhancement. I