Privacy-preserving computer forensics framework

Citation

Halboob, Waleed Abduljabbar (2015) Privacy-preserving computer forensics framework. PhD thesis, Universiti Putra Malaysia.

Abstract

Computer forensics and privacy preservation are conflicting fields in computer security. Computer forensics tools essentially image and analyze all the data found in a targeted investigation. In contrast, privacy preservation techniques are used to protect a data owner private identity, information, and/or activities from any unauthorized access, use,or disclosure. Thus, there is a need to balance these two conflicting fields. In other words,there is a tremendous need to find a lawful and fair computer forensics solution thatr the past decade,the conflict between privacy preservation and computer forensics has been investigated in several studies. However, the solutions proposed by previous researchers are not efficient and lawful as well as they did not provide a sufficient analysis. The objective of this research is to propose a computer forensics framework to preserve the privacy of data owners in an efficient and lawful manner while providing sufficient digital evidence analysis. Computer forensics privacy levels and policies are specified to help improve used for providing an efficient imaging and analysis. The private data are encrypted using an advanced encryption system (AES). Advanced forensic format 4 (AFF4) is used as a container for the imaged relevant data. The framework is implemented to ensure that it is workable and measure its efficiency. A qualitative evaluation method was used to evaluate both the lawfulness of the framework and sufficiency of the analysis by observing these criteria. Moreover, other related work was implemented to compare with the proposed framework. The results obtained show that the proposed framework satisfies all the required features for having a lawful solution, provides efficient imaging and analysis as well as sufficient analysis. It can be concluded that the proposed framework has several advantages compared to the other related works, namely an efficient and lawful method for selective imaging and analysis, and sufficient analysis. It also provides a forensics sound and flexible solution with a distributed analysis.

Download File

Preview

PDF
FSKTM 2015 20RR.pdf
Download (1MB) | Preview

Additional Metadata

Item Type:	Thesis (PhD)
Subject:	Computer security
Subject:	Data protection
Subject:	Evidence preservation - Forensic sciences
Call Number:	FSKTM 2015 20
Chairman Supervisor:	Professor Ramlan Mahmod, PhD
Divisions:	Faculty of Computer Science and Information Technology
Depositing User:	Haridan Mohd Jais
Date Deposited:	07 Sep 2017 04:41
Last Modified:	07 Sep 2017 04:41
URI:	http://psasir.upm.edu.my/id/eprint/57138
Statistic Details:	View Download Statistic

Actions (login required)

View Item