A Web based tool for securing digital evidence
Warutumo, Collins Sebastian
Digital forensics is defined as a scientific knowledge and methods applied to the identification, acquisition, preservation, examination, and analysis of information stored or transmitted in binary form in a manner acceptable for application in legal matters. Digital forensics has increased its importance as there have been increase in the number of cyber cases involving digital forensics, official cybercrime report predicts the cases will be quadruple and will cost $6 trillion dollars by 2021. Preserving integrity of evidence in digital investigations is important as in helps the courts in delivering fair judgements.The aim of this dissertation is to develop an automated tool that helps investigators to maintain the integrity of digital evidence at acquisition phase, so as it is used to deliver a fair judgement in a court of law. The tool preserves the integrity of evidence using encryption, hashing and access controls amongst other controls. This ensures that evidence is secure as it has all attributes of security (confidentiality, availability and integrity).There are a variety of available solutions which preserve the integrity of evidence but they are not effective in terms of integrity of evidence. The developed system has the addressed the existing gaps. The study uses agile methodology, this is because it allows for fast implementation of prototype in a in short period of time hence making it efficient. Agile methodology guided on the development of the tool that is accurate, robust and secures. The main components of the system are the evidence collection and reporting modules. The result of the solution is to enhance efficiency in digital investigations by ensuring integrity of evidence. The focus of this research is integrity of evidence. The problem addressed in this research is evidence alteration at the acquisition phase which interferes with the integrity of data. The tests conducted evaluated the system’s performance which showed that resource retrieval speed averaged a few seconds leading to a high-performance rating. The response rate of the system is high, this is shown by the turnaround time of receiving requests from the server. The system’s compatibility tests show it is accessible in many browsers. The system exhibited high accuracy results in terms on preservation of integrity of evidence.
A thesis submitted in partial fulfilment of the requirements for the Degree of Master of Science in Information Systems Security (MSc.ISS) at Strathmore University
Digital Forensics, Digital Evidence