A Digital Forensics Investigation Model for Confidentiality, Integrity and Authenticity
No Thumbnail Available
University of Lagos
Digital Forensics Investigation Models (DFIMs) are developed to assist investigators in handling Digital Evidence (DE) related to computers and other digital media. Researchers have developed various DFIMs over the years to ensure that the integrity of the digital evidence (DE) under scrutiny remains intact. The existing DFIMs have the following shortcomings: duplication of activities within the phases of the models; lack of maintenance of Digital Chain of Custody (DCoC) to keep track of the proper log of the DE; and lack of consideration for confidentiality and authenticity attributes. To address these challenges, this study developed an investigation model named Digital Forensics Investigation -Digital Chain of Custody (DFI-DCoC) Model. DFI-DCoC consists of only core investigation processes, thereby minimizing the number of phases. The developed model also incorporated DCoC as a way of ensuring the confidentiality, integrity and authenticity of digital evidence during the investigation. The model further incorporated a parameter that specified the number of participating investigators in the investigation process. This is to prevent the transfer of responsibility to the person(s) not listed within the investigation process. Additionally, a technique for ensuring Confidentiality, Integrity, and Authenticity of the DE and DCoC was introduced in the model. The DFI- DCoC model was developed by harmonising and extracting common phases that facilitate error correction through iteration. The phases were drawn from eight existing models. The DCoC was created and applied across the phases of the model. An algorithm representing the investigation model was designed and implemented. The algorithm deployed 2-Stage Authorization using a symmetric key, Secure Hash Algorithm 1 (SHA-1) hashing function and Advanced Encryption Standard (AES) encryption to ensure the Authenticity, Integrity, and Confidentiality respectively of the DE and DCoC in the model. The model was tested using two sets of data: students’ results and a company’s financial records and in two scenarios – error-free transmission and transmission with an error. In the error-free transmission, unaltered digital evidence was used; the hash value was generated, digital evidence was encrypted, and the 2-Stage authorization was carried out using authorized investigators. The two sets of data were subjected to testing to determine if breaches during transmission could be detected during transmission. Results showed that the confidentiality and integrity of the results were the same as the input data, while for authenticity; only authorized investigators were duly granted access using the symmetric key. The unauthorised investigators were detected and denied access. Introduction and application of DCoC and the security features guarantee Confidentiality, Integrity and Authenticity of Digital Evidence and Digital Chain of Custody. Undoubtedly, the developed DFI-DCoC Model guarantees Confidentiality, Integrity and Authenticity of digital evidence and digital chain of custody.
This is a Ph.D. thesis
Authenticity, Confidentiality, Digital Chain of Custody, Digital Evidence, Integrity.