File Download
  Links for fulltext
     (May Require Subscription)
Supplementary

Conference Paper: A dual cube hashing scheme for solving LPP integrity problem

TitleA dual cube hashing scheme for solving LPP integrity problem
Authors
Keywords3-Dimension Hashing
Combinatorial Group Testing (CGT)
Hard Disk Sector Allocation
Latent Sector Errors (LSEs)
Legal Professional Privilege (LPP)
Issue Date2011
PublisherIEEE.
Citation
The 6th International Workshop on Systematic Approaches to Digital Forensic Engineering In conjunction with the IEEE Security and Privacy Symposium (IEEE/SADFE 2011), Oakland, CA., 26 May 2011. In IEEE/SADFE Proceedings, 2011, p. 1-7 How to Cite?
AbstractIn digital forensics, data stored in a hard disk usually contains valuable evidence. Preserving the integrity of the data in the hard disk is a critical issue. A single hash value for the whole hard disk is not appropriate as the investigation may take a long time and latent sector errors (LSEs) (bad sectors due to media imperfection, for example) which cause a sector suddenly unreadable will make the hash value inconsistent. On the other hand, using a hash per sector may need to store a lot of hash values. Previous research has been conducted to use fewer hash values, but can resist some of LSEs to decrease the number of unverifiable sectors even if there are LSEs. This integrity problem is more complicated in the presence of Legal Professional Privileged (LPP) data inside a seized hard disk in digital forensic as the hard disk has to be cloned once seized and the original hard disk will be sealed after cloning. Hash values need to be computed during this cloning process. However, the cloned copy will be returned to the suspect for the deletion of LPP data before the investigator can work on the sanitized copy. Thus, the integrity of unmodified sectors has to be verified using the hash values computed based on the original hard disk. This paper found that existing schemes are not good enough to solve the integrity problem in the presence of both LSEs and deletion of LPP data. We then propose the idea of a "Dual Cube" hashing scheme to solve the problem. The experiments show the proposed scheme performs better than the previous schemes and fits easily into the digital forensic procedure. © 2011 IEEE.
Persistent Identifierhttp://hdl.handle.net/10722/139989
ISSN
References

 

DC FieldValueLanguage
dc.contributor.authorFang, Jen_HK
dc.contributor.authorJiang, ZLen_HK
dc.contributor.authorYiu, SMen_HK
dc.contributor.authorChow, KPen_HK
dc.contributor.authorHui, LCKen_HK
dc.contributor.authorChen, Len_HK
dc.contributor.authorNiu, Xen_HK
dc.date.accessioned2011-09-23T06:04:28Z-
dc.date.available2011-09-23T06:04:28Z-
dc.date.issued2011en_HK
dc.identifier.citationThe 6th International Workshop on Systematic Approaches to Digital Forensic Engineering In conjunction with the IEEE Security and Privacy Symposium (IEEE/SADFE 2011), Oakland, CA., 26 May 2011. In IEEE/SADFE Proceedings, 2011, p. 1-7en_HK
dc.identifier.issn1081-6011-
dc.identifier.urihttp://hdl.handle.net/10722/139989-
dc.description.abstractIn digital forensics, data stored in a hard disk usually contains valuable evidence. Preserving the integrity of the data in the hard disk is a critical issue. A single hash value for the whole hard disk is not appropriate as the investigation may take a long time and latent sector errors (LSEs) (bad sectors due to media imperfection, for example) which cause a sector suddenly unreadable will make the hash value inconsistent. On the other hand, using a hash per sector may need to store a lot of hash values. Previous research has been conducted to use fewer hash values, but can resist some of LSEs to decrease the number of unverifiable sectors even if there are LSEs. This integrity problem is more complicated in the presence of Legal Professional Privileged (LPP) data inside a seized hard disk in digital forensic as the hard disk has to be cloned once seized and the original hard disk will be sealed after cloning. Hash values need to be computed during this cloning process. However, the cloned copy will be returned to the suspect for the deletion of LPP data before the investigator can work on the sanitized copy. Thus, the integrity of unmodified sectors has to be verified using the hash values computed based on the original hard disk. This paper found that existing schemes are not good enough to solve the integrity problem in the presence of both LSEs and deletion of LPP data. We then propose the idea of a "Dual Cube" hashing scheme to solve the problem. The experiments show the proposed scheme performs better than the previous schemes and fits easily into the digital forensic procedure. © 2011 IEEE.en_HK
dc.languageengen_US
dc.publisherIEEE.-
dc.relation.ispartofIEEE Symposium on Security and Privacy Proceedingsen_HK
dc.rightsIEEE Symposium on Security and Privacy Proceedings. Copyright © IEEE.-
dc.rights©2011 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.-
dc.rightsCreative Commons: Attribution 3.0 Hong Kong License-
dc.subject3-Dimension Hashingen_HK
dc.subjectCombinatorial Group Testing (CGT)en_HK
dc.subjectHard Disk Sector Allocationen_HK
dc.subjectLatent Sector Errors (LSEs)en_HK
dc.subjectLegal Professional Privilege (LPP)en_HK
dc.titleA dual cube hashing scheme for solving LPP integrity problemen_HK
dc.typeConference_Paperen_HK
dc.identifier.emailFang, J: jbfang@cs.hku.hken_HK
dc.identifier.emailJiang, ZL: zoeljiang@gmail.comen_HK
dc.identifier.emailYiu, SM: smyiu@cs.hku.hken_HK
dc.identifier.emailChow, KP: chow@cs.hku.hk-
dc.identifier.emailHui, LCK: hui@cs.hku.hk-
dc.identifier.emailChen, L: chenlong@cqupt.edu.cn-
dc.identifier.emailNiu, X: xiamu.niu@hit.edu.cn-
dc.identifier.authorityYiu, SM=rp00207en_HK
dc.identifier.authorityChow, KP=rp00111en_HK
dc.identifier.authorityHui, LCK=rp00120en_HK
dc.description.naturepublished_or_final_version-
dc.identifier.doi10.1109/SADFE.2011.1en_HK
dc.identifier.scopuseid_2-s2.0-84863338627-
dc.identifier.hkuros192251en_US
dc.identifier.hkuros211527-
dc.relation.referenceshttp://www.scopus.com/mlt/select.url?eid=2-s2.0-84858732950&selection=ref&src=s&origin=recordpageen_HK
dc.identifier.spage1-
dc.identifier.epage7-
dc.publisher.placeUnited States-
dc.description.otherThe 6th International Workshop on Systematic Approaches to Digital Forensic Engineering In conjunction with the IEEE Security and Privacy Symposium (IEEE/SADFE 2011), Oakland, CA., 26 May 2011. In IEEE/SADFE Proceedings, 2011, p. 1-7-
dc.identifier.scopusauthoridFang, J=55125153800en_HK
dc.identifier.scopusauthoridJiang, ZL=24344329800en_HK
dc.identifier.scopusauthoridYiu, SM=7003282240en_HK
dc.identifier.scopusauthoridChow, KP=7202180751en_HK
dc.identifier.scopusauthoridHui, LCK=8905728300en_HK
dc.identifier.scopusauthoridChen, L=55125548300en_HK
dc.identifier.scopusauthoridNiu, X=7103278179en_HK
dc.customcontrol.immutablesml 130506-

Export via OAI-PMH Interface in XML Formats


OR


Export to Other Non-XML Formats