|< Day Day Up >|| |
It is useful to present some fundamental requirements of a forensic data collection system before considering how these can be securely protected. These requirements were chosen to reflect the experience of computer forensic investigators. Other forensic experts may argue against some or all of them:
Forensic data collection should be complete and non-software specific—thus avoiding software traps and hidden partitioning.
In operation, it should be as quick and as simple as possible to avoid error or delay.
It should be possible for anyone to use a forensic data collection system with the minimum amount of training.
Necessary costs and resources should be kept to a minimum.[vii]
To meet the conditions specified in items 2, 3, and 4 in the preceding list, the DIGITAL INTEGRITY VERIFICATION AND AUTHENTICATION protocol must be tailored to suit. For the collection phase to remain quick and simple, the DIGITAL INTEGRITY VERIFICATION AND AUTHENTICATION protocol must not add significantly to the time required for copying, nor should there be additional (possibly complex) procedures.
The time and effort required to introduce links with key management agencies, trusted third parties, key distribution centers, and similar paraphernalia of digital signatures and document authentication is not necessary. It would add to the cost and complexity with little increase to security. It might mean, for example, that only investigators issued with a valid digital signature would be able to complete copies. Who is to issue these? Where are they to be stored? How will each individual remember his or her own key? How can misuse of keys be detected?
The DIGITAL INTEGRITY VERIFICATION AND AUTHENTICATION protocol described in the next section is virtually a self-contained system. Quite obviously, a truly self-contained encryption system cannot be cryptographically secure. However, within the DIGITAL INTEGRITY VERIFICATION AND AUTHENTICATION protocol, alternative channels of security are used to provide a truly secure system, but at much lower cost in time and consumables.
[vii]“DIVA Computer Evidence – Digital Image Verification And Authentication,” Computer Forensics UK Ltd, Third Floor, 9 North Street, Rugby, Warwickshire, CV21 2AB, UK, 2002.
|< Day Day Up >|| |