Full Text:   <2778>

CLC number: TP309

On-line Access: 2011-10-08

Received: 2010-12-11

Revision Accepted: 2011-03-29

Crosschecked: 2011-09-01

Cited: 0

Clicked: 5581

Citations:  Bibtex RefMan EndNote GB/T7714

-   Go to

Article info.
Open peer comments

Journal of Zhejiang University SCIENCE C 2011 Vol.12 No.10 P.809-818

http://doi.org/10.1631/jzus.C1000425


k-Dimensional hashing scheme for hard disk integrity verification in computer forensics


Author(s):  Zoe Lin Jiang, Jun-bin Fang, Lucas Chi Kwong Hui, Siu Ming Yiu, Kam Pui Chow, Meng-meng Sheng

Affiliation(s):  School of Computer Science and Technology, Harbin Institute of Technology Shenzhen Graduate School, Shenzhen 518055, China, Department of Computer Science, The University of Hong Kong, Hong Kong, China

Corresponding email(s):   zoeljiang@gmail.com, junbinfang@gmail.com

Key Words:  Computer forensics, Digital evidence, Hard disk integrity, k-Dimensional hashing


Zoe Lin Jiang, Jun-bin Fang, Lucas Chi Kwong Hui, Siu Ming Yiu, Kam Pui Chow, Meng-meng Sheng. k-Dimensional hashing scheme for hard disk integrity verification in computer forensics[J]. Journal of Zhejiang University Science C, 2011, 12(10): 809-818.

@article{title="k-Dimensional hashing scheme for hard disk integrity verification in computer forensics",
author="Zoe Lin Jiang, Jun-bin Fang, Lucas Chi Kwong Hui, Siu Ming Yiu, Kam Pui Chow, Meng-meng Sheng",
journal="Journal of Zhejiang University Science C",
volume="12",
number="10",
pages="809-818",
year="2011",
publisher="Zhejiang University Press & Springer",
doi="10.1631/jzus.C1000425"
}

%0 Journal Article
%T k-Dimensional hashing scheme for hard disk integrity verification in computer forensics
%A Zoe Lin Jiang
%A Jun-bin Fang
%A Lucas Chi Kwong Hui
%A Siu Ming Yiu
%A Kam Pui Chow
%A Meng-meng Sheng
%J Journal of Zhejiang University SCIENCE C
%V 12
%N 10
%P 809-818
%@ 1869-1951
%D 2011
%I Zhejiang University Press & Springer
%DOI 10.1631/jzus.C1000425

TY - JOUR
T1 - k-Dimensional hashing scheme for hard disk integrity verification in computer forensics
A1 - Zoe Lin Jiang
A1 - Jun-bin Fang
A1 - Lucas Chi Kwong Hui
A1 - Siu Ming Yiu
A1 - Kam Pui Chow
A1 - Meng-meng Sheng
J0 - Journal of Zhejiang University Science C
VL - 12
IS - 10
SP - 809
EP - 818
%@ 1869-1951
Y1 - 2011
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/jzus.C1000425


Abstract: 
Verifying the integrity of a hard disk is an important concern in computer forensics, as the law enforcement party needs to confirm that the data inside the hard disk have not been modified during the investigation. A typical approach is to compute a single chained hash value of all sectors in a specific order. However, this technique loses the integrity of all other sectors even if only one of the sectors becomes a bad sector occasionally or is modified intentionally. In this paper we propose a k-Dimensional hashing scheme, kD for short, to distribute sectors into a kD space, and to calculate multiple hash values for sectors in k dimensions as integrity evidence. Since the integrity of the sectors can be verified depending on any hash value calculated using the sectors, the probability to verify the integrity of unchanged sectors can be high even with bad/modified sectors in the hard disk. We show how to efficiently implement this kD hashing scheme such that the storage of hash values can be reduced while increasing the chance of an unaffected sector to be verified successfully. Experimental results of a 3D scheme show that both the time for computing the hash values and the storage for the hash values are reasonable.

Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article

Reference

[1]Chen, B.M., Lee, T.H., Peng, K., Venkataramanan, V., 2006. Hard Disk Drive Servo Systems. Springer, London, p.3-11.

[2]Chow, K.P., Chong, C.F., Lai, K.Y., Hui, L.C.K., Pun, K.H., Tsang, W.W., Chan, H.W., 2005. Digital Evidence Search Kit. 1st Int. Workshop on Systematic Approaches to Digital Forensic Engineering, p.187-194.

[3]Comito, C., Patarin, S., Talia, D., 2007. PARIS: a Peer-to-Peer Architecture for Large-Scale Semantic Data Integration. Proc. Databases, Information Systems, and Peer-to-Peer Computing, p.163-170.

[4]Garber, L., 2001. Computer forensics: high-tech law enforcement. IEEE Comput. Mag., 34(1):22-27.

[5]Gauravaram, P., McCullagh, A., Dawson, E., 2006. Collision Attacks on MD5 and SHA-1: Is This the ‘Sword of Damocles’ for Electronic Commerce? Auscert Asia Pacific Information Technology Security Conf.: Refereed R&D Stream, p.73-88.

[6]Harbour, N., 2002. dcfldd. Defense Computer Forensics Lab. Available from http://dcfldd.sourceforge.net

[7]Hussain, O.K., Dillon, T.S., Chang, E., Hussain, F., 2010. Transactional risk-based decision making system in e-business interactions. Int. J. Comput. Syst. Sci. Eng., 25(1):15-25.

[8]Jiang, Z.L., Hui, L.C.K., Chow, K.P., Yiu, S.M., Lai, P.K.Y., 2007. Improving Disk Sector Integrity Using 3-Dimension Hashing Scheme. Int. Workshop on Foren- sics for Future Generation Communication, p.141-145.

[9]Jiang, Z.L., Hui, L.C.K., Yiu, S.M., 2008. Improving Disk Sector Integrity Using k-Dimension Hashing. Advances in Digital Forensics IV, p.87-98.

[10]Kornblum, J., 2006. Identifying almost identical files using context triggered piecewise hashing. Dig. Invest., 3(Supplement 1):91-97.

[11]Law, F.Y.W., Lai, P.K.Y., Jiang, Z.L., Ieong, R.S.C., Kwan, M.Y.K., Chow, K.P., Hui, L.C.K., Yiu, S.M., Chong, C.F., 2008. Protecting Digital Legal Professional Privilege (LPP) Data. 3rd Int. Workshop on Systematic Approaches to Digital Forensic Engineering, p.91-101.

[12]Mead, S., 2006. Unique file identification in the National Software Reference Library. Dig. Invest., 3(3):138-150.

[13]Merkle, R.C., 1989. A Certified Digital Signature. Advances in Cryptology, p.218-238.

[14]NIST (National Institute of Standards and Technology), 2004. National Software Reference Library (NSRL). Available from http://www.nsrl.nist.gov

[15]Schroeder, B., Gibson, G.A., 2007. Disk Failures in the Real World: What Does an MTTF of 1 000 000 Hours Mean to You? 5th USENIX Conf. on File and Storage Technologies, p.1.

[16]Wang, M., Li, L., Yiu, S.M., Hui, L.C.K., Chong, C.F., Chow, K.P., Tsang, W.W., Chan, H.W., Pun, K.H., 2007. A Hybrid Approach for Authenticating MPEG-2 Streaming Data. Int. Conf. on Multimedia Content Analysis and Mining, p.203-212.

Open peer comments: Debate/Discuss/Question/Opinion

<1>

Please provide your name, email address and a comment





Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China
Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn
Copyright © 2000 - 2022 Journal of Zhejiang University-SCIENCE