DOI: 10.1145/3407023.3407064
research-article

A privacy-aware digital forensics investigation in enterprises

Published: 25 August 2020

Abstract

Stricter policies, laws and regulations for companies on the handling of private information give rise to challenges in the handling of data for Digital Forensics investigations. This paper describes an approach that can meet the necessary requirements to conduct a privacy-aware Digital Forensics investigation in an enterprise. The core of our approach is an entropy-based identification algorithm to detect specific patterns within files that can indicate non-private information. Files containing sensitive information are excluded systematically. This privacy-preserving method can be integrated into a Digital Forensics examination process to prepare an image which is free from private as well as critical information for the investigation. The approach demonstrates that investigations in enterprises can be supported and improved by adapting existing algorithms and processes from related subject areas to implement privacy-preserving measures in an investigation process.

Published In

ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security
August 2020
1073 pages
ISBN:9781450388337
DOI:10.1145/3407023
Program Chairs: Melanie Volkamer, Christian Wressnegger
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. digital forensics
  2. enterprise forensics
  3. privacy
  4. privacy-aware
  5. privacy-preserving

Qualifiers

  • Research-article

Conference

ARES 2020

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Article Metrics

  • Downloads (Last 12 months): 56
  • Downloads (Last 6 weeks): 3
Reflects downloads up to 30 Aug 2024

Cited By

  • (2023) Digital Forensic Framework for Protecting Data Privacy during Investigation. ICST Transactions on Scalable Information Systems. DOI: 10.4108/eetsis.4002. Online publication date: 27-Sep-2023
  • (2023) VEDRANDO: A Novel Way to Reveal Stealthy Attack Steps on Android through Memory Forensics. Journal of Cybersecurity and Privacy 3:3 (364-395). DOI: 10.3390/jcp3030019. Online publication date: 10-Jul-2023
  • (2023) Cryptographic Techniques for Data Privacy in Digital Forensics. IEEE Access 11 (142392-142410). DOI: 10.1109/ACCESS.2023.3343360. Online publication date: 2023
  • (2022) Blockchain Enabled Intelligent Digital Forensics System for Autonomous Connected Vehicles. 2022 International Conference on Communication, Computing and Internet of Things (IC3IoT) (1-6). DOI: 10.1109/IC3IOT53935.2022.9767987. Online publication date: 10-Mar-2022
  • (2022) A Comprehensive Survey on Computer Forensics: State-of-the-Art, Tools, Techniques, Challenges, and Future Directions. IEEE Access 10 (11065-11089). DOI: 10.1109/ACCESS.2022.3142508. Online publication date: 2022
  • (2022) Privacy preserving mobile forensic framework using role‐based access control and cryptography. Concurrency and Computation: Practice and Experience 34:23. DOI: 10.1002/cpe.7178. Online publication date: 12-Jul-2022
  • (2020) A Framework for Mobile Malware Forensics. 2020 International Conference on Computational Science and Computational Intelligence (CSCI) (175-181). DOI: 10.1109/CSCI51800.2020.00037. Online publication date: Dec-2020
  • (2020) Supporting Process Mining with Recovered Residual Data. The Practice of Enterprise Modeling (389-404). DOI: 10.1007/978-3-030-63479-7_27. Online publication date: 18-Nov-2020
