A Framework of TPM, SVM and Boot Control for Securing Forensic Logs

Borhan, Nazanin; Mahmod, Ramlan; Dehghantanha, Ali

doi:10.5120/7831-1042

Cited by 7 publications

(7 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With growing usage of cloud several researchers tried to provide privacy sound models for investigation in these environments [36][37][38][39][40], in addition it is worthwhile that mention a few papers that work on malware investigation [41,43]. Finally, there were models for forensics log protection while considering user privacy in log access occasions and the privacy and pervasive systems [44][45][46][47] that can lead us to better comprehension of cloud environment. We identified several issues pertaining to cloud and why there is a growing resistance among major corporations to adopt the cloud.…”

Section: Discussion and Analysismentioning

confidence: 99%

Cloud Forensics Issues and Opportunities

Aminnezhad¹,

Dehghantanha²,

Abdullah³

et al. 2013

IJIPM

View full text Add to dashboard Cite

Cloud computing technology is a rapidly growing field of study, which relies on sharing computing resources rather than having local servers or personal devices to handle applications. Most of the growth in this field is due to transfer of the traditional model of IT services to a novel model of cloud and the ubiquity of access to electronic and digital devices. Cloud computing posed a critical risk and challenges to digital investigators, but provides plenty of opportunities to investigators for improving the digital forensics. Moreover, cloud service providers and customers have yet to establish adequate forensic capabilities that could support investigations of criminal activities in the cloud. Notwithstanding the cloud presents some promising technical and economic benefits, users still resist to use cloud mainly due to security issues because it poses a challenge in doing cloud forensic investigations. Regarding this some research has been done, which propose solutions in doing forensic investigation. In this review paper, we take the first step towards reviewing the cloud forensics works that have been done by other researchers, and then do some discussion and analysis based on our findings to consider the opportunities and challenges confront the cloud forensics based on our findings.

show abstract

Section: Discussion and Analysismentioning

confidence: 99%

Cloud Forensics Issues and Opportunities

Aminnezhad¹,

Dehghantanha²,

Abdullah³

et al. 2013

IJIPM

View full text Add to dashboard Cite

show abstract

“…Detection of alteration can also be performed in hardware-based secure storage for event logs (Boeck et al, 2010;Borhan et al, 2012). For instance, AMD processor provides a feature called Secure Virtual Machine (SVM) Trusted Platform 840Module (TPM) that can run a special protected code (Boeck et al, 2010).…”

Section: Hardware-based Tamper Detection 835mentioning

confidence: 99%

“…those that only use software. However, the use of hardware-supported techniques cannot prevent impersonation attacks as discussed in (Boeck et al, 2010;Borhan et al, 2012).…”

Section: Hardware-based Tamper Detection 835mentioning

confidence: 99%

A survey on forensic investigation of operating system logs

Studiawan¹,

Sohel²,

Payne³

2019

Digital Investigation

View full text Add to dashboard Cite

Event logs are one of the most important sources of digital evidence for forensic investigation because they record essential activities on the system. In this paper, we present a comprehensive literature survey of the forensic analysis on operating system logs. We present a taxonomy of various techniques used in this area. Additionally, we discuss the tools that support the examination of the event logs. This survey also gives a review of the publicly available datasets that are used in operating system log forensics research. Finally, we suggest potential future directions on the topic of operating system log forensics.

show abstract

“…I.e. investigation of cloud applications on mobile phones (45,(47)(48)(49), malwares on smartphones (50)(51)(52), and investigating mobile phones as part of botnets (53) and SCADA (54) systems are all challenging forensics research areas. In view of the evolving nature of mobile device forensics, it is suggested that forensic practitioners who rely primarily on general-purpose mobile forensic toolkits might find that no single forensic tool could recover all relevant evidence data from a device (6).…”

Section: Related Workmentioning

confidence: 99%

Performance of Android Forensics Data Recovery Tools

Ogazi-Onyemaechi

Dehghantanha

Choo

2017

Contemporary Digital Forensic Investigations of Cloud and Mobile Applications

View full text Add to dashboard Cite

Abstract-Recovering deleted or hidden data is among most important duties of forensics investigators. Extensive utilisation of smartphones as subject, objects or tools of crime made them an important part of residual forensics. This chapter investigates the effectiveness of mobile forensic data recovery tools in recovering evidences from a Samsung Galaxy S2 i9100 Android phone. We seek to determine the amount of data that could be recovered using Phone image carver, Access data FTK, Foremost, Diskdigger, and Recover My File forensic tools. The findings reflected the difference between recovery capacities of studied tools showing their suitability in their specialised contexts only.

show abstract

A Framework of TPM, SVM and Boot Control for Securing Forensic Logs

Cited by 7 publications

References 20 publications

Cloud Forensics Issues and Opportunities

Cloud Forensics Issues and Opportunities

A survey on forensic investigation of operating system logs

Performance of Android Forensics Data Recovery Tools

Contact Info

Product

Resources

About