Evaluating tamper resistance of digital forensic artifacts during event reconstruction

Evaluating tamper resistance of digital forensic artifacts during event reconstruction

연구 분야: Cryptography

학회: Digital Threats: Research and Practice

Event reconstruction is a fundamental part of the digital forensic process, helping to answer key questions like who, what, when, and how. A common way of accomplishing that is to use tools to create timelines, which are then analyzed. However, various challenges exist, such as large volumes of data or contamination. While prior research has focused on simplifying timelines, less attention has been given to tampering, i.e., the deliberate manipulation of evidence, which can lead to errors in interpretation. This article addresses the issue by proposing a framework to assess the relative tamper resistance of different data sources used in event reconstruction. We discuss factors affecting data resilience, introduce a scoring system for evaluation, and illustrate its application with case studies. This work aims to improve the reliability of forensic event reconstruction by considering tamper resistance.