File Download
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1109/SADFE.2011.1
- Scopus: eid_2-s2.0-84863338627
- Find via
Supplementary
-
Citations:
- Scopus: 0
- Appears in Collections:
Conference Paper: A dual cube hashing scheme for solving LPP integrity problem
| Title | A dual cube hashing scheme for solving LPP integrity problem |
|---|---|
| Authors | |
| Keywords | 3-Dimension Hashing Combinatorial Group Testing (CGT) Hard Disk Sector Allocation Latent Sector Errors (LSEs) Legal Professional Privilege (LPP) |
| Issue Date | 2011 |
| Publisher | IEEE. |
| Citation | The 6th International Workshop on Systematic Approaches to Digital Forensic Engineering In conjunction with the IEEE Security and Privacy Symposium (IEEE/SADFE 2011), Oakland, CA., 26 May 2011. In IEEE/SADFE Proceedings, 2011, p. 1-7 How to Cite? |
| Abstract | In digital forensics, data stored in a hard disk usually contains valuable evidence. Preserving the integrity of the data in the hard disk is a critical issue. A single hash value for the whole hard disk is not appropriate as the investigation may take a long time and latent sector errors (LSEs) (bad sectors due to media imperfection, for example) which cause a sector suddenly unreadable will make the hash value inconsistent. On the other hand, using a hash per sector may need to store a lot of hash values. Previous research has been conducted to use fewer hash values, but can resist some of LSEs to decrease the number of unverifiable sectors even if there are LSEs. This integrity problem is more complicated in the presence of Legal Professional Privileged (LPP) data inside a seized hard disk in digital forensic as the hard disk has to be cloned once seized and the original hard disk will be sealed after cloning. Hash values need to be computed during this cloning process. However, the cloned copy will be returned to the suspect for the deletion of LPP data before the investigator can work on the sanitized copy. Thus, the integrity of unmodified sectors has to be verified using the hash values computed based on the original hard disk. This paper found that existing schemes are not good enough to solve the integrity problem in the presence of both LSEs and deletion of LPP data. We then propose the idea of a "Dual Cube" hashing scheme to solve the problem. The experiments show the proposed scheme performs better than the previous schemes and fits easily into the digital forensic procedure. © 2011 IEEE. |
| Persistent Identifier | http://hdl.handle.net/10722/139989 |
| ISSN | 2020 SCImago Journal Rankings: 2.407 |
| References |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Fang, J | en_HK |
| dc.contributor.author | Jiang, ZL | en_HK |
| dc.contributor.author | Yiu, SM | en_HK |
| dc.contributor.author | Chow, KP | en_HK |
| dc.contributor.author | Hui, LCK | en_HK |
| dc.contributor.author | Chen, L | en_HK |
| dc.contributor.author | Niu, X | en_HK |
| dc.date.accessioned | 2011-09-23T06:04:28Z | - |
| dc.date.available | 2011-09-23T06:04:28Z | - |
| dc.date.issued | 2011 | en_HK |
| dc.identifier.citation | The 6th International Workshop on Systematic Approaches to Digital Forensic Engineering In conjunction with the IEEE Security and Privacy Symposium (IEEE/SADFE 2011), Oakland, CA., 26 May 2011. In IEEE/SADFE Proceedings, 2011, p. 1-7 | en_HK |
| dc.identifier.issn | 1081-6011 | - |
| dc.identifier.uri | http://hdl.handle.net/10722/139989 | - |
| dc.description.abstract | In digital forensics, data stored in a hard disk usually contains valuable evidence. Preserving the integrity of the data in the hard disk is a critical issue. A single hash value for the whole hard disk is not appropriate as the investigation may take a long time and latent sector errors (LSEs) (bad sectors due to media imperfection, for example) which cause a sector suddenly unreadable will make the hash value inconsistent. On the other hand, using a hash per sector may need to store a lot of hash values. Previous research has been conducted to use fewer hash values, but can resist some of LSEs to decrease the number of unverifiable sectors even if there are LSEs. This integrity problem is more complicated in the presence of Legal Professional Privileged (LPP) data inside a seized hard disk in digital forensic as the hard disk has to be cloned once seized and the original hard disk will be sealed after cloning. Hash values need to be computed during this cloning process. However, the cloned copy will be returned to the suspect for the deletion of LPP data before the investigator can work on the sanitized copy. Thus, the integrity of unmodified sectors has to be verified using the hash values computed based on the original hard disk. This paper found that existing schemes are not good enough to solve the integrity problem in the presence of both LSEs and deletion of LPP data. We then propose the idea of a "Dual Cube" hashing scheme to solve the problem. The experiments show the proposed scheme performs better than the previous schemes and fits easily into the digital forensic procedure. © 2011 IEEE. | en_HK |
| dc.language | eng | en_US |
| dc.publisher | IEEE. | - |
| dc.relation.ispartof | IEEE Symposium on Security and Privacy Proceedings | en_HK |
| dc.subject | 3-Dimension Hashing | en_HK |
| dc.subject | Combinatorial Group Testing (CGT) | en_HK |
| dc.subject | Hard Disk Sector Allocation | en_HK |
| dc.subject | Latent Sector Errors (LSEs) | en_HK |
| dc.subject | Legal Professional Privilege (LPP) | en_HK |
| dc.title | A dual cube hashing scheme for solving LPP integrity problem | en_HK |
| dc.type | Conference_Paper | en_HK |
| dc.identifier.email | Fang, J: jbfang@cs.hku.hk | en_HK |
| dc.identifier.email | Jiang, ZL: zoeljiang@gmail.com | en_HK |
| dc.identifier.email | Yiu, SM: smyiu@cs.hku.hk | en_HK |
| dc.identifier.email | Chow, KP: chow@cs.hku.hk | - |
| dc.identifier.email | Hui, LCK: hui@cs.hku.hk | - |
| dc.identifier.email | Chen, L: chenlong@cqupt.edu.cn | - |
| dc.identifier.email | Niu, X: xiamu.niu@hit.edu.cn | - |
| dc.identifier.authority | Yiu, SM=rp00207 | en_HK |
| dc.identifier.authority | Chow, KP=rp00111 | en_HK |
| dc.identifier.authority | Hui, LCK=rp00120 | en_HK |
| dc.description.nature | link_to_subscribed_fulltext | - |
| dc.identifier.doi | 10.1109/SADFE.2011.1 | en_HK |
| dc.identifier.scopus | eid_2-s2.0-84863338627 | - |
| dc.identifier.hkuros | 192251 | en_US |
| dc.identifier.hkuros | 211527 | - |
| dc.relation.references | http://www.scopus.com/mlt/select.url?eid=2-s2.0-84858732950&selection=ref&src=s&origin=recordpage | en_HK |
| dc.identifier.spage | 1 | - |
| dc.identifier.epage | 7 | - |
| dc.publisher.place | United States | - |
| dc.description.other | The 6th International Workshop on Systematic Approaches to Digital Forensic Engineering In conjunction with the IEEE Security and Privacy Symposium (IEEE/SADFE 2011), Oakland, CA., 26 May 2011. In IEEE/SADFE Proceedings, 2011, p. 1-7 | - |
| dc.identifier.scopusauthorid | Fang, J=55125153800 | en_HK |
| dc.identifier.scopusauthorid | Jiang, ZL=24344329800 | en_HK |
| dc.identifier.scopusauthorid | Yiu, SM=7003282240 | en_HK |
| dc.identifier.scopusauthorid | Chow, KP=7202180751 | en_HK |
| dc.identifier.scopusauthorid | Hui, LCK=8905728300 | en_HK |
| dc.identifier.scopusauthorid | Chen, L=55125548300 | en_HK |
| dc.identifier.scopusauthorid | Niu, X=7103278179 | en_HK |
| dc.customcontrol.immutable | sml 130506 | - |
| dc.identifier.issnl | 1081-6011 | - |