A Log File Digital Forensic Model

Lalla, Himal; Flowerday, Stephen; Sanyamahwe, Tendai; Tarwireyi, Paul

doi:10.1007/978-3-642-33962-2_17

Cited by 5 publications

(3 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Pieterse et al discussed the various techniques that can be used to hide data within a database caused by the complexity of databases and the lack of forensic tools with which to examine databases (Pieterse and Olivier, 2012). Lalla et al described a model for investigating computer networks through network log files and how the examination of said files could reveal concealed activity (Lalla et al, 2012).…”

Section: Database Forensicsmentioning

confidence: 99%

Towards a forensic-aware database solution: Using a secured database replication protocol and transaction management for digital investigations

Frühwirt

Kieseberg

Krombholz

et al. 2014

Digital Investigation

View full text Add to dashboard Cite

Section: Database Forensicsmentioning

confidence: 99%

Towards a forensic-aware database solution: Using a secured database replication protocol and transaction management for digital investigations

Frühwirt

Kieseberg

Krombholz

et al. 2014

Digital Investigation

View full text Add to dashboard Cite

“…V also finds the set of possible state-controlled keys that may be in the KStore at the time of the crash. After the crash one such key will be in KStore (lines [6][7][8][9][10][11]. If the size of the log file is n , last key that has been updated before n will be in the KStore (because logging is immediately after key update).…”

Section: : Else 22mentioning

confidence: 99%

“…Computer systems use logging function to store and keep track of important events in the system. Log files are used for a variety of purposes including trouble shooting, intrusion detection and forensics [1,7,9]. In many cases, adversaries want to stay covert and be able to modify the log files without being detected.…”

Section: Introductionmentioning

confidence: 99%

Secure Logging with Security Against Adaptive Crash Attack

Avizheh

2020

Foundations and Practice of Security

View full text Add to dashboard Cite

Logging systems are an essential component of security systems and their security has been widely studied. Recently (2017) it was shown that existing secure logging protocols are vulnerable to crash attack in which the adversary modifies the log file and then crashes the system to make it indistinguishable from a normal system crash. The attacker was assumed to be non-adaptive and not be able to see the file content before modifying and crashing it (which will be immediately after modifying the file). The authors also proposed a system called SLiC that protects against this attacker. In this paper, we consider an (insider) adaptive adversary who can see the file content as new log operations are performed. This is a powerful adversary who can attempt to rewind the system to a past state. We formalize security against this adversary and introduce a scheme with provable security. We show that security against this attacker requires some (small) protected memory that can become accessible to the attacker after the system compromise. We show that existing secure logging schemes are insecure in this setting, even if the system provides some protected memory as above. We propose a novel mechanism that, in its basic form, uses a pair of keys that evolve at different rates, and employ this mechanism in an existing logging scheme that has forward integrity to obtain a system with provable security against adaptive (and hence non-adaptive) crash attack. We implemented our scheme on a desktop computer and a Raspberry Pi, and showed in addition to higher security, a significant efficiency gain over SLiC.

show abstract