Author URLs
Professor Baggili's Faculty Profile
Professor Breitinger's Faculty Profile
Professor Breitinger's web page
Professor Breitinger's Full Bibliography
UNHcFREG (UNH Cyber Forensics Research & Education Group / Lab)
Document Type
Article
Publication Date
8-2016
Subject: LCSH
Computer crimes--Investigation, Computer forensics
Disciplines
Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security
Abstract
In this primary work we call for the importance of integrating security testing into the process of testing digital forensic tools. We postulate that digital forensic tools are increasing in features (such as network imaging), becoming networkable, and are being proposed as forensic cloud services. This raises the need for testing the security of these tools, especially since digital evidence integrity is of paramount importance. At the time of conducting this work, little to no published anti-forensic research had focused on attacks against the forensic tools/process. We used the TD3, a popular, validated, touch screen disk duplicator and hardware write blocker with networking capabilities and designed an attack that corrupted the integrity of the destination drive (drive with the duplicated evidence) without the user's knowledge. By also modifying and repackaging the firmware update, we illustrated that a potential adversary is capable of leveraging a phishing attack scenario in order to fake digital forensic practitioners into updating the device with a malicious operating system. The same attack scenario may also be practiced by a disgruntled insider. The results also raise the question of whether security standards should be drafted and adopted by digital forensic tool makers.
DOI
10.1016/j.diin.2016.04.004
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Repository Citation
Meffert, Christopher S.; Baggili, Ibrahim; and Breitinger, Frank, "Deleting Collected Digital Evidence by Exploiting a Widely Adopted Hardware Write Blocker" (2016). Electrical & Computer Engineering and Computer Science Faculty Publications. 56.
https://digitalcommons.newhaven.edu/electricalcomputerengineering-facpubs/56
Publisher Citation
Meffert, Christopher S., Ibrahim Baggili, and Frank Breitinger. "Deleting collected digital evidence by exploiting a widely adopted hardware write blocker." Digital Investigation 18 (2016): S87-S96.
Included in
Computer Engineering Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, Information Security Commons
Comments
Dr. Baggili was appointed to the University of New Haven's Elder Family Endowed Chair in 2015.
© 2016 The Author(s). Published by Elsevier Ltd. This is an open access article under the CC-BY-NC-ND license.