Ensuring the Authenticity and Non-Misuse of Data Evidence in Digital Forensics

Jingsha He¹, Gongzheng Liu¹, Bin Zhao^1,2,3, Xuejiao Wan¹ and Na Huang¹

(1. School of Software Engineering, Beijing University of Technology, Beijing 100124, China; 2. Dept. of Computer Science, Jining University, Qufu 273155, China; 3. State Key Laboratory of Digital Publishing Technology, Peking University Founder Group Co.,Ltd, Beijing 100871, China)



Abstract:

In forensic investigations, it is vital that the authenticity of digital evidence should be ensured. In addition, technical means should be provided to ensure that digital evidence collected cannot be misused for the purpose of perjury. In this paper, we present a method to ensure both authenticity and non-misuse of data extracted from wireless mobile devices. In the method, the device ID and a timestamp become a part of the original data and the Hash function is used to bind the data together. Encryption is applied to the data, which includes the digital evidence, the device ID and the timestamp. Both symmetric and asymmetric encryption systems are employed in the proposed method where a random session key is used to encrypt the data while the public key of the forensic server is used to encrypt the session key to ensure security and efficiency. With the several security mechanisms that we show are supported or can be implemented in wireless mobile devices such as the Android, we can ensure the authenticity and non-misuse of data evidence in digital forensics.

Key words:  digital forensics  authenticity  non-misuse  digital evidence

DOI：10.11916/j.issn.1005-9113.2015.01.014

Clc Number:TP391

Fund: