Verifying data authenticity and integrity in server-aided confidential forensic investigation
ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology
Hi-index | 0.00 |
Remote forensics can help investigators perform investigation without need to ship hard drives or travel to a remote location. With increased use of cloud computing technologies, it is becoming more and more difficult to perform post-event forensic investigation. The difficulty consists in that thousands upon thousands of disparate data from different data owners may be stored on a single storage device (e.g., a remote server). To clone a copy of data from the storage device is a costly and time consuming task and may not be easy due to the huge volume of data. Even if it is possible to make a clone, investigating all the data one by one will inevitably result in exposing irrelevant data to the investigators while data owners may be unwilling to expose it because it may involve their privacy information. The other alternative is to let the server administrator search the relevant information and retrieve the data for the investigators provided a warrant can be provided. However, sometimes, the investigators need to keep the investigation subject confidential due to the confidentiality of the crime or the server administrator may be one of the suspects. In this paper, we address how to solve this problem by multiple keyword search over encrypted data, so that the investigators can obtain the necessary evidence while keeping the investigation subject confidential and at the same time, the irrelevant data can be protected from exposing to the investigators.