A framework for evidence integrity preservation in virtualized environment: a digital forensic approach

Hdl Handle:
http://hdl.handle.net/10547/211811
Title:
A framework for evidence integrity preservation in virtualized environment: a digital forensic approach
Authors:
Ani, Uchenna Peter Daniel
Abstract:
Virtual machine technology has emerged with relishing features such as versioning, isolation and encapsulation. These features have made evidence acquisition and preservation difficult and impracticable. Virtual machines have proved excellence in anti-forensics, such that conventional approaches to integrity preservation have not yielded the best results required to facilitate admissibility. Issues around virtual machine forensics, its relationship with digital evidence integrity, and effects to admissibility have been resolutely investigated. In this work, we focused on the identification of threats to the integrity of evidence in a virtual machine environment using VMware hypervisor as case study. A conceptual framework, EIPF for preserving integrity of evidences resident in a virtual machine environment is introduced. The framework emphasises rules, processes and parameters necessary for upholding the accuracy, reliability and trustworthiness of digital evidence. The framework adopts the widely known Clark-Wilson's principles on Data Integrity. In our investigation, the key parameters used are the security strength of the hash algorithms, the relative Number of Evidence Attributes, and the Number of Evidence Circles. To simplify the analysis further, a reliability rating factor has been introduced as a means of defining conceptual integrity levels. We have mathematically modelled all the penalty parameters for data integrity in our model following widely known and recommended standards and processes. Although a demonstration of the behaviour of EIPF had not been exhaustively featured, the proposed framework has offered a starting point towards adopting an improved way of ensuring integrity. While opening up a path for unification, it has amplified the trust level for a court's acceptance of a claimed integrity state for digital evidence.
Publisher:
University of Bedfordshire
Issue Date:
Jan-2012
URI:
http://hdl.handle.net/10547/211811
Type:
Thesis or dissertation
Language:
en
Description:
A Thesis submitted at the University of Bedfordshire in partial fulfilment for the degree of Masters of Science in Computer Security and Forensics
Appears in Collections:
Masters e-theses

Full metadata record

DC Field | Value | Language
dc.contributor.author | Ani, Uchenna Peter Daniel | en
dc.date.accessioned | 2012-02-21T11:13:01Z | -
dc.date.available | 2012-02-21T11:13:01Z | -
dc.date.issued | 2012-01 | -
dc.identifier.uri | http://hdl.handle.net/10547/211811 | -
dc.description | A Thesis submitted at the University of Bedfordshire in partial fulfilment for the degree of Masters of Science in Computer Security and Forensics | en
dc.description.abstract | Virtual machine technology has emerged with relishing features such as versioning, isolation and encapsulation. These features have made evidence acquisition and preservation difficult and impracticable. Virtual machines have proved excellence in anti-forensics, such that conventional approaches to integrity preservation have not yielded the best results required to facilitate admissibility. Issues around virtual machine forensics, its relationship with digital evidence integrity, and effects to admissibility have been resolutely investigated. In this work, we focused on the identification of threats to the integrity of evidence in a virtual machine environment using VMware hypervisor as case study. A conceptual framework, EIPF for preserving integrity of evidences resident in a virtual machine environment is introduced. The framework emphasises rules, processes and parameters necessary for upholding the accuracy, reliability and trustworthiness of digital evidence. The framework adopts the widely known Clark-Wilson's principles on Data Integrity. In our investigation, the key parameters used are the security strength of the hash algorithms, the relative Number of Evidence Attributes, and the Number of Evidence Circles. To simplify the analysis further, a reliability rating factor has been introduced as a means of defining conceptual integrity levels. We have mathematically modelled all the penalty parameters for data integrity in our model following widely known and recommended standards and processes. Although a demonstration of the behaviour of EIPF had not been exhaustively featured, the proposed framework has offered a starting point towards adopting an improved way of ensuring integrity. While opening up a path for unification, it has amplified the trust level for a court's acceptance of a claimed integrity state for digital evidence. | en
dc.language.iso | en | en
dc.publisher | University of Bedfordshire | en
dc.subject | G400 Computer Science | en
dc.subject | digital forensics | en
dc.subject | data integrity | en
dc.subject | versioning | en
dc.subject | evidence | en
dc.subject | digital evidence | en
dc.title | A framework for evidence integrity preservation in virtualized environment: a digital forensic approach | en
dc.type | Thesis or dissertation | en
This item is licensed under a Creative Commons License
All Items in UOBREP are protected by copyright, with all rights reserved, unless otherwise indicated.