CISPA

Tampering with digital evidence is hard: The case of main memory images

conference contribution
posted on 2024-09-24, 11:58 authored by Janine Schneider, Julian Wolf, Felix Freiling
Tampered digital evidence may jeopardize its correct interpretation. To assess the risks in a court of law, it is helpful to quantify the necessary effort to perform a convincing manipulation of digital evidence. Based on a sequence of controlled experiments with graduate students and digital forensics professionals, we study the effort to manipulate copies of main memory taken during a digital investigation. Confirming previous results on hard disc image tampering, manipulating main memory dumps can be considered hard in the sense that most forgeries were successfully detected. However, while the effort to detect a manipulation is generally bounded by the tampering effort, some forgeries fooled the analysts and caused analysis effort that was higher than the manipulation effort. The detection effort by graduate students, however, was generally higher than that of professionals. We study different manipulation and detection approaches and their success. Overall, tampering with main memory dumps appears to be harder than tampering with hard disc images but the probability to fool an analyst is higher too.

Name of Conference

Digital Forensics Research Conference (DFRWS)

CISPA Affiliation

  • No

Journal

Forensic Science International: Digital Investigation

Volume

32

Page Range

300924-300924

Publisher

Elsevier

Open Access Type

  • Unknown

BibTeX

@inproceedings{Schneider:Wolf:Freiling:2020,
  title = "Tampering with digital evidence is hard: The case of main memory images",
  author = "Schneider, Janine and Wolf, Julian and Freiling, Felix",
  year = 2020,
  month = 4,
  journal = "Forensic Science International: Digital Investigation",
  number = "DFRWS 2020 EU – Proceedings of the Seventh Annual DFRWS Europe",
  pages = "300924--300924",
  publisher = "Elsevier",
  issn = "2666-2825"
}
