Click here to load reader

Shahzad Saleem 25042015-S5-ReducedAbstract-Final 806849/FULLTEXT02.pdf · PDF file Forensics Shahzad Saleem Academic dissertation for the Degree of Doctor of Philosophy in Computer

  • View
    2

  • Download
    0

Embed Size (px)

Text of Shahzad Saleem 25042015-S5-ReducedAbstract-Final 806849/FULLTEXT02.pdf · PDF file...

  • Protecting the Integrity of Digital Evidence and Basic Human Rights During the Process of Digital Forensics Shahzad Saleem

    Academic dissertation for the Degree of Doctor of Philosophy in Computer and Systems Sciences at Stockholm University to be publicly defended on Friday 5 June 2015 at 13.00 in L50, NOD-huset, Borgarfjordsgatan 12.

    Abstract Scientific development and progress in the fields of computer science, information technology and their related disciplines, have transformed our world into a “digital world”. Omnipresent digital devices and e-services running on numerous versions of pervasive e-infrastructures generate a wealth of electronically stored information (ESI) from which we can extract a great deal of potential digital evidence.

    Digital evidence is sometimes even more revealing than its traditional counterpart, but at the same time it is very fragile and volatile in nature. Preserving the integrity of digital evidence is therefore of major concern, especially when it comes from purportedly illegal, illicit and malicious activities. The acquisition and analysis of digital evidence are also crucial to the functioning of the digital world, regardless of the positive or negative implications of the actions and activities that generated the evidence. All stakeholders should have the right to be assured of the accuracy of the digital forensics process and the people involved in it. Currently they surrender these rights and have to trust the process and the individuals carrying it out. They do not have any guarantee that intentional or unintentional conduct or modification will not affect the outcome of the forensic process, which might compromise their other human rights as a consequence, such as their right to liberty and even their right to life. Protecting basic human rights by ensuring the correctness of the entire forensics process, and its output in the form of digital evidence, is thus a point of concern. The “right to a fair trial” given in Article 6 of the European Convention as an umbrella principle that affects the forensics process, is one example of the protection of basic human rights.

    In digital forensics there are principles and models on the top (theoretical basis), acting as a platform on abstract and generic level, in the middle, there are policies and practices and at the bottom, there are technical procedures and techniques. During this research we worked to solve the above mentioned problems, concentrating on all three layers, by extending the abstract models, defining best practice, and by providing new technical procedures employing latest technology. Our work also helps to implement organisational policies.

    The research was undertaken in two cycles, starting with an exploration of the theoretical basis and continuing to procedures and techniques. The methods used to preserve the integrity of digital evidence were explored and evaluated in the first cycle. A new technical model called PIDESC[1] was thus proposed. This can preserve the integrity of digital evidence by orchestrating both software- and hardware-based security solutions. The model was evaluated in terms of time and cost. The results suggest that the gains outweigh the additional cost and time. The increase in time is a constant negligible factor of only half a millisecond on average. In the next cycle we built on our knowledge and extended the theoretical basis on an abstract and generic level to preserve the integrity of digital evidence and to protect basic human rights as overarching umbrella principles (2PasU[2]). We then developed specific solutions, including a formal method to select the best mobile device forensics tool, and developed a guide for best practices to fulfil the requirements of preservation and protection. Finally, we mapped the solutions to the proposed extended model with 2PasU, putting all the research into its context in order to pave the way for future work in this domain.

    [1] Protecting Digital Evidence Integrity by Using Smart Cards [2] Preservation and Protection as Umbrella Principles

    Stockholm 2015 http://urn.kb.se/resolve?urn=urn:nbn:se:su:diva-116581

    ISBN 978-91-7649-180-5 ISSN 1101-8526

    Department of Computer and Systems Sciences

    Stockholm University, 164 40 Kista

  • Protecting the Integrity of Digital Evidence and Basic Human Rights During the

    Process of Digital Forensics

    Shahzad Saleem

  • ©Shahzad Saleem, Stockholm 2015 REPORT SERIES NO. 15-010 ISSN 1101-8526 ISBN 978-91-7649-180-5 Printed in Sweden by Publit, Stockholm 2015 Distributor: Department of Computer and Systems Sciences

  • Acknowledgements Thanks to the Almighty ALLAH for providing me the opportunities to fulfil my dream of the PhD. I am really in debt to my elder brother, Mr. Tariq Saleem (Bhai Jaan) and pray that everyone be blessed with such a caring brother. I am also thankful to the prayers of my sister, wife and all the friends and family members especially my mother (Amma Jee). Like a true friend, Amma Jee has always sheltered me from the hardships of the life. Thank you my dear wife for bearing with me and my computer(s). Our kids with their innocent smiles and mischiefs were a source of pleasure and inspiration, thank you so very much for making our life so colourful. I am truly grateful to my mentor Professor Oliver Popov for his support and guidance in both curricular and co-curricular activities. My co-supervisor Dr Ibrahim Baggili (Abe) from UNH-USA has also helped me a lot during my studies, thank you so very much. I am also indebted to the “Higher Education Commission of Pakistan (HEC)” for enabling hundreds of Pakistani students to study in the developed countries and bring back the good experience to Pakistan. I am obliged to KTH, SU and especially DSV for providing us with the latest research facilities and funding during the entire tenure of MS and PhD, to all the DSV staff especially Ms Tuija Darvishi and Ms Fatima for their support and to my lab mates Irvin, Spyridon and Elly for their fruitful discussions. Special thanks to Professor Louise Yngström, she is really an ideal teacher we have found during MS in ICSS. I will also express my gratitude to Professor David Billard from HES-SO Geneve for introducing us to the new discipline of digital forensics, to all the committee members of my PhD defence and especially to Professor Noria Foukia for her constructive criticism. Thanks to all the friends in Sweden for the help, suggestions, and the parties, especially to Mudassar, Salman, Khurram, Arbab, Hasni, Zeeshan, Afridi, Noor, Rushdan, Shahid, Omer, Amir, Awais, Ghaffor, Noshad, Laeeq, Amjad, Almdar, Ghulam Nabi, Munir-ul-Azam and Irfan.

  • Abstract Omnipresent digital devices and e-services running on numerous versions of pervasive e-infrastructures generate a wealth of electronically stored information (ESI) from which we can extract a great deal of potential digital evidence. Digital evidence is more revealing than its traditional counterpart, but at the same time it is very fragile and volatile in nature. Preserving the integrity of digital evidence is therefore of major concern. All stakeholders of digital forensics process should have the right to be assured of the accuracy of both the process and the people involved in it. Currently they surrender these rights and have to trust the process and the individuals carrying it out. Protecting basic human rights by ensuring the correctness of the entire forensics process, and its output in the form of digital evidence, is thus another problem. We undertook two cycles of design science research to solve the above mentioned problems, starting with an exploration of the theoretical basis and continuing to procedures and techniques. End result of the first cycle was a new technical model called PIDESC1. This can better preserve the integrity of digital evidence by orchestrating both software- and hardware-based security solutions. The model was evaluated in terms of time and cost. The results suggest that the gains outweigh the additional cost and time. The increase in time is a constant negligible factor of only half a millisecond on average. In the second cycle we extended the theoretical basis on both an abstract and a generic level to preserve the integrity of digital evidence and to protect basic human rights as overarching umbrella principles (2PasU2). We then developed specific solutions, including a formal method to select the best mobile device forensics tool, and a guide for best practices to fulfil the requirements of preservation and protection. Finally, we mapped the solutions to the proposed extended model with 2PasU, putting all the research into its context which provides sound and promising directions for the future work in this domain.

    1 Protecting Digital Evidence Integrity by Using Smart Cards 2 Preservation and Protection as Umbrella Principles

  • Contents

    1.  Introduction ..................................................................... 1  1.1.  Motivation ..................................................................................... 3 

    1.1.1.  Theoretical Basis .............................................................. 4  1.1.2.  Tools and Techniques ..................................................... 6 

    1.2.  Research Problem ....................................................................... 7  1.3.  Objectives ..................................................................................... 8 

    2.  Research Methodology ............