A Combined Approach for a Privacy-Aware Digital Forensic Investigation in Enterprises
DOI:
https://doi.org/10.13052/jcsm2245-1439.1012Keywords:
Digital Forensics, Enterprise Forensics, Privacy-Aware, Privacy-Preserving, PrivacyAbstract
Stricter policies, laws and regulations for companies on the handling of private information arise challenges in the handling of data for Digital Forensics investigations. This paper describes an approach that can meet necessary requirements to conduct a privacy-aware Digital Forensics investigation in an enterprise. The core of our approach is an entropy-based identification algorithm to detect specific patterns within files that can indicate non-private information. Therefore we combine various approaches with the goal to detect and exclude files containing sensitive information systematically. This privacy-preserving method can be integrated into a Digital Forensics examination process to prepare an image which is free from private as well as critical information for the investigation. We implemented and evaluated our approach with a prototype. The approach demonstrates that investigations in enterprises can be supported and improved by adapting existing algorithms and processes from related subject areas to implement privacy-preserving measures into an investigation process.
Downloads
References
Rafael Accorsi, Claus Wonnemann, and Thomas Stocker. Towards forensic data flow analysis of business process logs. In Proceedings of the 2011 Sixth International Conference on IT Security Incident Management and IT Forensics, IMF ’11, pages 3–20. IEEE Computer Society, 2011.
Asou Aminnezhad, Ali Dehghantanha, and Mohd Taufik Abdullah. A survey on privacy issues in digital forensics. International Journal of Cyber-Security and Digital Forensics, 1(4):311–324, 2012.
Frederik Armknecht and Andreas Dewald. Privacy-preserving email forensics. Digital Investigation, 14:127–136, 2015.
Lucas Ballard, Seny Kamara, and Fabian Monrose. Achieving efficient conjunctive keyword searches over encrypted data. In Sihan Qing, Wenbo Mao, Javier López, and Guilin Wang, editors, Information and Communications Security, pages 414–426, Berlin, Heidelberg, 2005. Springer Berlin Heidelberg.
Frank Breitinger and Harald Baier. Similarity preserving hashing: Eligible properties and a new algorithm mrsh-v2. In Marcus K. Rogers and Kathryn C. Seigfried-Spellar, editors, Digital Forensics and Cyber Crime – 4th International Conference, ICDF2C 2012, Lafayette, IN, USA, October 25-26, 2012, Revised Selected Papers, volume 114 of Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, pages 167–182. Springer, 2012.
Mike Burmester, Yvo Desmedt, Rebecca Wright, and Alec Yasinsac. Security or privacy, must we choose? In Symposium on Critical Infrastructure Protection and the Law. 2002.
Aniello Castiglione, Giuseppe Cattaneo, Giancarlo de Maio, and Alfredo de Santis. Automatic, selective and secure deletion of digital evidence. In Leonard Barolli, editor, International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA), 2011, pages 392–398, Piscataway, NJ, 2011. IEEE.
Yan-Cheng Chang and Michael Mitzenmacher. Privacy preserving keyword searches on remote encrypted data. In John Ioannidis, Angelos Keromytis, and Moti Yung, editors, Applied Cryptography and Network Security, pages 442–455, Berlin, Heidelberg, 2005. Springer Berlin Heidelberg.
Reza Curtmola, Juan Garay, Seny Kamara, and Rafail Ostrovsky. Searchable symmetric encryption. In Ari Juels, Rebecca Wright, and Sabrina de Di Capitani Vimercati, editors, Proceedings of the 13th ACM conference on Computer and communications security, page 79, New York, NY, 2006. ACM.
Gaby G. Dagher and Benjamin C.M. Fung. Subject-based semantic document clustering for digital forensic investigations. Data & Knowledge Engineering, 86:224–241, 2013.
Susan Dumais, John Platt, David Heckerman, and Mehran Sahami. Inductive learning algorithms and representations for text categorization. In Niki Pissinou, editor, Proceedings of the seventh international conference on Information and knowledge management, pages 148–155, New York, NY, 1998. ACM.
Jonathan Grier and Golden G. Richard. Rapid forensic imaging of large disks with sifting collectors. Digital Investigation, 14:34–44, 2015.
Waleed Halboob, Ramlan Mahmod, Nur Izura Udzir, and Mohd. Taufik Abdullah. Privacy levels for computer forensics: Toward a more efficient privacy-preserving investigation. Procedia Computer Science, 56:370–375, 2015.
Shuhui Hou, Tetsutaro Uehara, S. M. Yiu, Lucas C. K. Hui, and K. P. Chow. Privacy preserving multiple keyword search for confidential investigation of remote forensics. In Proceedings of the 2011 Third International Conference on Multimedia Information Networking and Security, MINES ’11, page 595–599, USA, 2011. IEEE Computer Society.
Shuhui Hou, Tetsutaro Uehara, S. M. Yiu, Lucas C.K. Hui, and K. P. Chow. Privacy preserving confidential forensic investigation for shared or remote servers. In Xiamu Niu, editor, Seventh International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP), 2011, pages 378–383, Piscataway, NJ, 2011. IEEE.
Shuhui Hou, Siu-Ming Yiuy, Tetsutaro Ueharaz, and Ryoichi Sasakix. A privacy-preserving approach for collecting evidence in forensic investigation. International Journal of Cyber-Security and Digital Forensics (IJCSDF), 2(1):70–78, 2013.
Han-Joon Kim and Sang-Goo Lee. A semi-supervised document clustering technique for information organization. In Arvin Agah, editor, Proceedings of the ninth international conference on Information and knowledge management, pages 30–37, New York, NY, 2000. ACM.
Frank Y.W. Law, Patrick P.F. Chan, S. M. Yiu, K. P. Chow, Michael Y.K. Kwan, Hayson K.S. Tse, and Pierre K.Y. Lai. Protecting digital data privacy in computer forensic examination. In 2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering, Oakland, California, USA, 05.05-06.05.2011, pages 1–6, New York (NY), 2011. IEEE Computer Society.
David E. Losada, Juan M. Fernández-Luna, Cyril Goutte, and Eric Gaussier, editors. A Probabilistic Interpretation of Precision, Recall and F-Score, with Implication for Evaluation: Advances in Information Retrieval. Springer Berlin Heidelberg, 2005.
Shawn McCreight and Dominik Weber. System and method for entropy-based near-match analysis, 2010. US Patent App. 12/722,482.
Stefan Meier. Digitale Forensik in Unternehmen. PhD thesis, University of Regensburg, 2017.
Ana Nieto, Ruben Rios, Javier Lopez, Wei Ren, Lizhe Wang, Kim-Kwang Raymond Choo, and Fatos Xhafa. Privacy-aware digital forensics. Computing. Institution of Engineering and Technology, 2019.
Sungmi Park, Nikolay Akatyev, Yunsik Jang, Jisoo Hwang, Donghyun Kim, Woonseon Yu, Hyunwoo Shin, Changhee Han, and Jonghyun Kim. A comparative study on data protection legislations and government standards to implement digital forensic readiness as mandatory requirement. Digital Investigation, 24:93–100, 2018.
Thomas Pasquier, Xueyuan Han, Mark Goldstein, Thomas Moyer, David Eyers, Margo Seltzer, and Jean Bacon. Practical whole-system provenance capture. In Proceedings of the 2017 Symposium on Cloud Computing, pages 405–418. ACM, 2017.
Devin J. Pohly, Stephen McLaughlin, Patrick McDaniel, and Kevin Butler. Hi-fi: collecting high-fidelity whole-system provenance. In Proceedings of the 28th Annual Computer Security Applications Conference, pages 259–268. ACM, 2012.
Vassil Roussev, Yixin Chen, Timothy Bourg, and Golden G. Richard III. md5bloom: Forensic filesystem hashing revisited. Digital Investigation, 3(Supplement-1):82–90, 2006.
Shahzad Saleem, Oliver Popov, and Ibrahim Bagilli. Extended abstract digital forensics model with preservation and protection as umbrella principles. Procedia Computer Science, 35:812–821, 2014.
Claude E. Shannon. A mathematical theory of communication. Bell System Technical Journal, 27(3):379–423, 1948.
Yonghong Sheng, Dongsheng Wang, Jinyang He, and Dapeng Ju. TH-CDP: an efficient block level continuous data protection system. In International Conference on Networking, Architecture, and Storage, pages 395–404, 2009.
Dawn Xiaodong Song, David A. Wagner, and Adrian Perrig. Practical techniques for searches on encrypted data. In 2000 IEEE Symposium on Security and Privacy, Berkeley, California, USA, May 14-17, 2000, pages 44–55. IEEE Computer Society, 2000.
S. Srinivasan. Security and privacy vs. computer forensics capabilities. Information Systems Control Journal, 4:1–3, 2007.
Johannes Stüttgen, Andreas Dewald, and Felix C. Freiling. Selective imaging revisited. In Holger Morgenstern, editor, Seventh International Conference on IT Security Incident Management and IT Forensics (IMF), 2013, pages 45–58, Piscataway, NJ, 2013. IEEE.
Hal Tipton. Investigating inside the corporation. Computer Fraud & Security Bulletin, 1993(2):4–10, 1993.
Philip Turner. Selective and intelligent imaging using digital evidence bags. Digital Investigation, 3:59–64, 2006.
Isabel Wagner and David Eckhoff. Technical privacy metrics: A systematic survey. ACM Comput. Surv., 51(3):57:1–57:38, 2018.
Alec Yasinsac and Yanet Manzano. Policies to Enhance Computer and Network Forensics. In Proceedings of the 2001 IEEE Workshop on Information Assurance and Security. 2001.
Xiao Yu, Yu-an Tan, Zhizhuo Sun, Jingyu Liu, Chen Liang, and Quanxin Zhang. A fault-tolerant and energy-efficient continuous data protection system. J. Ambient Intell. Humaniz. Comput., 10(8):2945–2954, 2019.
Christian Zoubek and Konstantin Sack. Selective deletion of non-relevant data. Digital Investigation, 20:92–98, 2017.
