SlideShare une entreprise Scribd logo

IJERD (www.ijerd.com) International Journal of Engineering Research and Development

IJERD Editor
IJERD Editor
Technologie
1  sur  7
Télécharger pour lire hors ligne
International Journal of Engineering Research and Development e-ISSN : 2278-067X, p-ISSN : 2278-800X, www.ijerd.com Volume 2, Issue 5 (July 2012), PP. 64-70 Significance of Hash Value Generation in Digital Forensic: A Case Study Kailash Kumar1, Sanjeev Sofat2, S.K.Jain3, Naveen Aggarwal4 1 PhD (CSE) Student, PEC University of Technology, Chandigarh, India 2 Prof. and Head CSE Deptt. PEC University of Technology, Chandigarh, India 3 Deputy Director (Ball.) CFSL, Chandigarh, India 4 Assistant Professor CSE Deptt. UIET, Chandigarh, India Abstract––Digital forensics tools frequently use to calculate the hash value of digital evidence drive. MD5 and SHA hash function is used in digital forensic tools to calculate and verify that a data set has not been altered, due to the application of various evidence collection and analysis tools and procedures. Additionally, due to the impact on the personal life of the subject of an investigation, verification of the correct operation of tools and procedures is critical. This paper discusses the significance of hash value in digital forensic for the digital evidence. The research conducts six possible different cases as an experiment to generate and verify the hash value of test drive using forensic tool to demonstrate the importance of hash value in digital forensic. Additionally, unreliable results can be obtained because of the improper use of the application of the tools. Keywords––MD5; SHA; digital forensic; hash function. I. INTRODUCTION The field of digital forensic analysis has experienced rapid growth in recent years, as the use of computer forensic analysis proved invaluable in a wide range of legal proceedings. Digital forensics is used not only to investigate computerized crimes, such as network intrusion, fabrication of data and illegitimate material distribution through digital services, but also to investigate crime where evidence is stored in any digital format on any digital device [1]. One of the most important steps performed during a digital forensics investigation is the data acquisition step, which is “the task of collecting digital evidence from electronic media” [6]. During this step, the investigator makes an exact copy of the evidence disk or file to produce a forensics copy. To avoid destroying evidence, the investigation is conducted on the forensic copy, rather than the original evidence data. Thus, any data corruption that occurs during the investigation process can be rectified by using the evidence disk to create a new forensic copy to use to continue the investigation. Because a digital investigation frequently yields results that are used in a criminal or civil court proceeding which can drastically affect a person life, the investigator must be completely certain that the forensic copy is an exact copy of the evidence. The hash value plays an important role in forensic investigation for proving accuracy of digital data in front of judiciary. In this research article we are proposing some real time case study to prove the importance of hash value in digit al forensic investigation process. The remainder of this paper is organized as follows. Section 2 gives an overview of digital forensics. Section 3 provides a short background on hash function. Section 4 focuses on some case study of hash value generated in digital hard drive for forensic point of view. Finally section 5 concludes the paper and our future work. II. DIGITAL FORENSIC SCIENCE The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations. In 2001, the Digital Forensics Research Workshop [DFRW] [3] proposed a process for digital investigations that involves the following six steps. In this time we are more concern about the analysis phase, hash analysis is also a part of whole digital analysis that we mention in the original DFRW model illustrates in fig 1. Identification Preservation Collection evidence Presentation Analysis Examination Hash Analysis Fig. 1. Digital forensic investigation process 64
Significance of Hash Value Generation in Digital Forensic: A Case Study Digital forensics is the science of identifying, extracting, analyzing and presenting the digital evidence that has been stored in the digital electronic storage devices to be used in a court of law [1, 4, 5]. III. HASH FUNCTION Definition: An algorithm that turns a variable-sized amount of text into a fixed-sized output (hash value). Hash functions are used in creating digital signatures, hash tables and short condensations of text for analysis purposes. Hash functions are also known as "cryptographic hash functions. A hash function H is a transformation that takes a variable-size input „m‟ and returns a fixed-size string, which is called the hash value h (that is, h = H(m)). Hash functions with just this property have a variety of general computational uses, but when employed in cryptography the hash functions are usually chosen to have some additional properties. The basic requirements for a cryptographic hash function are:  the input can be of any length,  the output has a fixed length,  H(x) is relatively easy to compute for any given x ,  H(x) is one-way,  H(x) is collision-free. A hash function H is said to be one-way if it is hard to invert, where "hard to invert" means that given a hash value h, it is computationally infeasible to find some input x such that H(x) = h. If, given a message x, it is computationally infeasible to find a message y not equal to x such that H(x) = H(y) then H i s said to be a weakly collision-free hash function. A strongly collision-free hash function H is one for which it is computationally infeasible to find any two messages x and y such that H(x) = H(y). The hash value represents concisely the longer message or document from which it was computed; one can think of a message digest as a "digital fingerprint" of the larger document. Perhaps the main role of a cryptographic hash function is in the provision of digital signatures. Since hash functions are generally faster than digital signature algorithms, it is typical to compute the digital signature to some document by computing the signature on the document's hash value, which is small compared to the document itself. Additionally, a digest can be made public without revealing the contents of the document from which it is derived. This is important in digital time stamping where, using hash functions, one can get a document time stamped without revealing its contents to the time stamping service. A. Practical Hash Function This section covers hash functions that are most likely used in digital forensic software/tools: MD5 and SHA-1. For their detailed description we refer the reader to the documents issued by standardization bodies. MD4 and MD5:MD4 was proposed by Ron Rivest in 1990 and MD5 [7] followed shortly thereafter as its stronger version. Their design-had great influence on subsequent constructions of hash function. The letters “MD” stands for “message digest” and the numerals refer to the functions being the fourth and fifth designs from the same hash-function family. SHA-0 and SHA-1: The Secure Hash Algorithm (SHA) was initially approved for use with the Digital Signature Standard (DSS) in 1993 [2]. Two years later the standard was updated to become what is currently known as SHA-1 [8]. The first version of SHA is referred in the cryptographic literature as SHA-0, although it has never been its official designation. SHA- 1 differs from SHA-0 by exactly one additional instruction, which is nonetheless extremely important from the cryptanalytic perspective. Since there were no reasons to prefer the initial version of the standard, SHA-1 replaced SHA-0 in all but most antiquated applications. The details of these hash function is briefly illustrates in table 1below. Table1. Practical Hash function Name Block Size(bits) Word Size(bits) Output Size(bits) Rounds MD4 512 32 128 48 MD5 512 32 128 64 SHA-0 512 32 160 80 SHA-1 512 32 160 80 B. Hash value generation in digital forensic Generally hash value is used to check the integrity of any data file but, in digital forensic it is used to check the integrity of evidence disk data. The image of a disk is created in digital forensic for analysis so, it is necessary the image have exactly or replica of evidence disk. The hash value generated during imaging should match when that image of evidence disk is extracted for detail analysis. In digital forensic hash value is generated for whole disk data not only single or multiple files. 65
Significance of Hash Value Generation in Digital Forensic: A Case Study The hash value generated using forensic tools in the form of hexadecimal notation. Here we are giving an example to convert it in too two easily understandable form for forensic practitioner who don‟t have enough knowledge about computer system. Using the hash value generated of case1: 79EAB87F0D3A3B45954779A72F79AE63 1. Table 2 shows the binary form of the given hexadecimal value: Table2. Binary code for Hash value 0111 1001 1110 1010 1011 1000 0111 7 9 E A B 8 7 1111 0000 1101 0011 1010 0011 1011 F 0 D 3 A 3 B 0100 0101 1001 0101 0100 0111 0111 4 5 9 5 4 7 7 1001 1010 0111 0010 1111 0111 1001 9 A 7 2 F 7 9 1010 1110 0101 0011 A E 6 3 2. The following steps involve to convert given hexadecimal hash value into decimal form: Step1. Use Hexadecimal to Decimal conversion process as given below: 7*1631 + 9*1630 +E*1629+A*1628 +………….6*161 +3*160 Step2. Substitutes the equivalent numerical value in place of alphabet in hexadecimal hash value as given below. A=10, B=11, C=12, D=13, E=14, F=15 After substitution: 7*1631 + 9*1630 +14*1629+10*1628 +…….6*161 +3*160 Step3. Calculate hash value in decimal form. IV. PROPOSED FRAMEWORK FOR HASH VALUE CALCULATION The experimental model/framework for hash value calculation in digital forensic is proposed in fig 2. Using this model the test data has been generated on digital hard drive. Finding evidence for system tampering, data hiding or deleting utilities, unauthorized system modifications etc. should also be performed. Detecting and recovering hidden or obscured information is a major tedious task involved. Data should be searched thoroughly for recovering passwords, finding unusual hidden files or directories, file extension and signature mismatches etc. while searching the above said information from an evidence disk the forensic software is also create the hash value of the whole drive to check the integrity of the disk. In forensic data acquisition phase the hash value is generated at the time of imaging the evidence disk and compare that hash value at the time of examination or copying the contents of the disk. If both the hash value is identical than the forensic expert assume everything is fine otherwise some kind of tampering is involved with the evidence disk. Here the case study focuses the importance of hash value in forensic examination has been explored. Evidence disk Write Blocker Forensic tool Acquisition hash Verification hash Presentation Fig. 2. Hash calculation model 66
Significance of Hash Value Generation in Digital Forensic: A Case Study The model is used to create an image of test hard drive connected with write blocker (Ex. Fast Blok), to avoid writing anything by any vulnerable program running on the system. We can use any forensic tool for creating disk image along with hash value. The Encase forensics [9] is a simple but concise tool used in this case study. It saves an image of a hard disk in one file or in segments that may be later on reconstructed. It calculates MD5 hash values and confirms the integrity of the data before closing the files. Now the raw image created by Encase program is used for analysis and examination purpose. While extracting data from raw image the Encase program also verifies previous generated hash value and creates summary/report for forensic validation and presentation that match finds. The importance of hash value in digital forensic is illustrates in six different cases has been generated and analyzed below. 1. CASE1. Compute hash value in original: Here we generate hash value of original test evidence disk, which contains some suspect files/data for forensic analysis and also verifies the hash value after imaging/acquisition, report shown below in figure 3. Fig. 3. Case1 report 2. CASE2. Add any file in test drive and check hash with original: In this case the experiments generated the report shown in fig 4. The impact of adding any file in the test drive by mistake or by concern, correspondingly the hash value is verified with the original. The hash value differs from the original/actual evidence drive. Original hash value: 79EAB87F0D3A3B45954779A72F79AE63 New hash value: DE9EAD6A3B7B02475ADB6EB83CCB2826 Fig. 4. Case2 report 3. CASE3. Remove any file from the test drive and compare hash with original: In this case the experiments illustrate if any single or multiple files deleted from the evidence disk, correspondingly hash value of the drive is generated and compare with original. The difference of hash value generated report is shown in fig 5. Original hash value: 79EAB87F0D3A3B45954779A72F79AE63 New hash value: ECB15214986D91DF876F2F773F9E0F4D 67
Significance of Hash Value Generation in Digital Forensic: A Case Study Fig. 5. Case3 report 4 CASE4. Modify any file: This case is totally differing from the previous two cases of add and remove files from the drive, describes in two sub cases below:  Case 4.1. Add some contents in any file and check hash with original: Here we are demonstrates the case when small amount of data is added in any file. The report generated with hash value shows in fig 6. The comparison of hash value with the original is also mention below. Original hash value: 79EAB87F0D3A3B45954779A72F79AE63 New hash value: E02365F1BFCCA37AAB5E62D6262EBADE Fig. 6. Case4.1 report  Case 4.2. Remove some contents from any file and compare hash with original: Here we are demonstrates the case when some portion of data is erased from any file. The generated report with hash value shown in fig 7 below. Original hash value: 79EAB87F0D3A3B45954779A72F79AE63 New hash value: 43D25B68F22A84CD95C5214F0414E511 68
Significance of Hash Value Generation in Digital Forensic: A Case Study Fig. 7. Case4.2 report 5. CASE5. Shifting some contents from one file to another and check hash with original: Sometimes the content of one file is shifted to another file rather than the whole file the results of hash value comparison with original shows in figure 8 below. Original hash value: 79EAB87F0D3A3B45954779A72F79AE63 New hash value: 593026F4FB3437E7D47FC4178F22EC92 Fig. 8. Case5 report 6. CASE6. Update some contents in existing file and compare hash: The case is related where financial and accounting data is much more valuable than other contents of the disk. Sometimes the suspect modified only numerical contents of the data files. The experiments demonstrate here is to check whether the hash value generated in forensic tool differ or match with any previous case shows in figure 9 below. Original hash value: 79EAB87F0D3A3B45954779A72F79AE63 New hash value: C6D351D5F05CC6273EBD153FC25B5E7B 69
Significance of Hash Value Generation in Digital Forensic: A Case Study Fig. 9. Case6 report V. CONCLUSION & FUTURE WORK The role of hash value is demonstrated in this research work with the help of different cases involved in data tampering is analyzed and verified. The focus of this research is strongly on the hash value of whole digital drive not a single file. The aim of this work to show that even if a small modification happen in digital evidence, detected in the hash value. Given a different heuristic, it would be interesting to apply this technique in future to other file systems other than that of Windows and to compare results. VI. ACKNOWLEDGMENT The authors thankful to Mr. Vivek Kumar Forensic Analyst Central Forensic Science Laboratory, Chandigarh, for their useful contribution and Software/Hardware support for this case study. REFERENCES [1]. S. Ardisson. Producing a Forensic Image of Your Client‟s Hard Drive? What You Need to Know, Qubit, 1, pp. 1-2, 2007. [2]. “Digital signature standard,” FIPS PUB 186-2, 2000. Available from: www.csrc.nist.gov/publications/fips/fips186-2/fips186-2- change1.pdf [3]. G. Palmer. A road map for digital forensic research. Report From the First Digital Forensic Research Workshop (DFRWS), August 2001. [4]. M. Alazab, S. Venkatraman & P. Watters. Digital forensic techniques for static analysis of NTFS images, Proceedings of ICIT2009, Fourth International Conference on Information Technology, IEEE Xplore, 2009. [5]. M. Reith, C. Carr, & G. Gunsch. An examination of digital forensic models, International Journal of Digital Evidence, 1, pp.1- 12, 2002. [6]. Nelson, B. Phillips, A. Enfinger, F. Steuart, C. Guide to Computer Forensics and Investigations: Third Edition, Course Technology, 2008. [7]. Ronald L. Rivest. The MD5 message-digest algorithm, IETF RFC 1321, 1992. Available from www.ietf.org/rfc/rfc1321.txt [8]. Secure hash standard, FIPS PUB 180-1, 1995. Available from: www.itl.nist.gov/fipspubs/fip180-1.htm [9]. Guidance Software Inc. Encase forensics. http://www.guidancesoftware.com. 70

Recommandé

Documenting Software Architectural Component and Connector with UML 2
Documenting Software Architectural Component and Connector with UML 2Documenting Software Architectural Component and Connector with UML 2
Documenting Software Architectural Component and Connector with UML 2editor1knowledgecuddle
 
Computer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU LucknowComputer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU LucknowBrijesh Vishwakarma
 
Mj2521372142
Mj2521372142Mj2521372142
Mj2521372142IJERA Editor
 
1 s2.0-s1877050915013460-main
1 s2.0-s1877050915013460-main1 s2.0-s1877050915013460-main
1 s2.0-s1877050915013460-mainkalachandru
 
A comparative study of symmetric key algorithm des, aes and blowfish for vide...
A comparative study of symmetric key algorithm des, aes and blowfish for vide...A comparative study of symmetric key algorithm des, aes and blowfish for vide...
A comparative study of symmetric key algorithm des, aes and blowfish for vide...pankaj kumari
 
10.11648.j.ijdst.20160204.12
10.11648.j.ijdst.20160204.1210.11648.j.ijdst.20160204.12
10.11648.j.ijdst.20160204.12Arindam Paul
 
IRJET - Hash Functions and its Security for Snags
IRJET - Hash Functions and its Security for SnagsIRJET - Hash Functions and its Security for Snags
IRJET - Hash Functions and its Security for SnagsIRJET Journal
 
Technologies For Appraising and Managing Electronic Records
Technologies For Appraising and Managing Electronic RecordsTechnologies For Appraising and Managing Electronic Records
Technologies For Appraising and Managing Electronic Recordspbajcsy
 

Recommandé

Documenting Software Architectural Component and Connector with UML 2
Documenting Software Architectural Component and Connector with UML 2Documenting Software Architectural Component and Connector with UML 2
Documenting Software Architectural Component and Connector with UML 2editor1knowledgecuddle
 
Computer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU LucknowComputer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU LucknowBrijesh Vishwakarma
 
Mj2521372142
Mj2521372142Mj2521372142
Mj2521372142IJERA Editor
 
1 s2.0-s1877050915013460-main
1 s2.0-s1877050915013460-main1 s2.0-s1877050915013460-main
1 s2.0-s1877050915013460-mainkalachandru
 
A comparative study of symmetric key algorithm des, aes and blowfish for vide...
A comparative study of symmetric key algorithm des, aes and blowfish for vide...A comparative study of symmetric key algorithm des, aes and blowfish for vide...
A comparative study of symmetric key algorithm des, aes and blowfish for vide...pankaj kumari
 
10.11648.j.ijdst.20160204.12
10.11648.j.ijdst.20160204.1210.11648.j.ijdst.20160204.12
10.11648.j.ijdst.20160204.12Arindam Paul
 
IRJET - Hash Functions and its Security for Snags
IRJET - Hash Functions and its Security for SnagsIRJET - Hash Functions and its Security for Snags
IRJET - Hash Functions and its Security for SnagsIRJET Journal
 
Technologies For Appraising and Managing Electronic Records
Technologies For Appraising and Managing Electronic RecordsTechnologies For Appraising and Managing Electronic Records
Technologies For Appraising and Managing Electronic Recordspbajcsy
 
Jo3417381741
Jo3417381741Jo3417381741
Jo3417381741IJERA Editor
 
Access control in decentralized online social networks applying a policy hidi...
Access control in decentralized online social networks applying a policy hidi...Access control in decentralized online social networks applying a policy hidi...
Access control in decentralized online social networks applying a policy hidi...IGEEKS TECHNOLOGIES
 
82 86
82 8682 86
82 86Editor IJARCET
 
RSA and RC4 Cryptosystem Performance Evaluation Using Image and Text
RSA and RC4 Cryptosystem Performance Evaluation Using Image and TextRSA and RC4 Cryptosystem Performance Evaluation Using Image and Text
RSA and RC4 Cryptosystem Performance Evaluation Using Image and TextYekini Nureni
 
The Thing About Protecting Data Is, You Have To Protect Data
The Thing About Protecting Data Is, You Have To Protect DataThe Thing About Protecting Data Is, You Have To Protect Data
The Thing About Protecting Data Is, You Have To Protect DataAndy LoPresto
 
Survey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile CommunicationSurvey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile Communicationijsrd.com
 
Generation of Anonymous Signature and Message using Identity Based Group Blin...
Generation of Anonymous Signature and Message using Identity Based Group Blin...Generation of Anonymous Signature and Message using Identity Based Group Blin...
Generation of Anonymous Signature and Message using Identity Based Group Blin...IDES Editor
 
Nwc rsa
Nwc rsaNwc rsa
Nwc rsaanupamnm
 
DDS Security
DDS SecurityDDS Security
DDS SecurityAngelo Corsaro
 
Security Flows and Improvement of a Recent Ultra Light-Weight RFID Protocol
Security Flows and Improvement of a Recent Ultra Light-Weight RFID Protocol Security Flows and Improvement of a Recent Ultra Light-Weight RFID Protocol
Security Flows and Improvement of a Recent Ultra Light-Weight RFID Protocol ijujournal
 
Cryprography Assignment
Cryprography AssignmentCryprography Assignment
Cryprography AssignmentAshik Iqbal
 
White Paper on Cryptography
White Paper on Cryptography White Paper on Cryptography
White Paper on Cryptography Durgesh Malviya
 
Approaches for Mitigating Discovery Problems in Larger Systems
Approaches for Mitigating Discovery Problems in Larger SystemsApproaches for Mitigating Discovery Problems in Larger Systems
Approaches for Mitigating Discovery Problems in Larger SystemsReal-Time Innovations (RTI)
 
Cheap solar panels
Cheap solar panelsCheap solar panels
Cheap solar panelsHellen Meyer
 
The tools of the trade
The tools of the tradeThe tools of the trade
The tools of the tradeAlexis Müller
 
Linguas indoeuropeas
Linguas indoeuropeasLinguas indoeuropeas
Linguas indoeuropeasServando Lois Silva
 
Presentacion Curso Creditos
Presentacion Curso CreditosPresentacion Curso Creditos
Presentacion Curso Creditosjair
 
Slide presentase www.tantanganavanza.tk
Slide presentase www.tantanganavanza.tkSlide presentase www.tantanganavanza.tk
Slide presentase www.tantanganavanza.tkCV. MULTI SINERGY INDONESIA
 
The Professional Martial Arts Instructors in Australia
The Professional Martial Arts Instructors in AustraliaThe Professional Martial Arts Instructors in Australia
The Professional Martial Arts Instructors in Australiawebmasterjoydeep
 
Solar panels uk
Solar panels ukSolar panels uk
Solar panels ukHellen Meyer
 
Black history
Black historyBlack history
Black historySoh Zheng Yang
 
ICT741 Digital Forensics.docx
ICT741 Digital Forensics.docxICT741 Digital Forensics.docx
ICT741 Digital Forensics.docxwrite4
 

Contenu connexe

Tendances

Access control in decentralized online social networks applying a policy hidi...
Access control in decentralized online social networks applying a policy hidi...Access control in decentralized online social networks applying a policy hidi...
Access control in decentralized online social networks applying a policy hidi...IGEEKS TECHNOLOGIES
 
RSA and RC4 Cryptosystem Performance Evaluation Using Image and Text
RSA and RC4 Cryptosystem Performance Evaluation Using Image and TextRSA and RC4 Cryptosystem Performance Evaluation Using Image and Text
RSA and RC4 Cryptosystem Performance Evaluation Using Image and TextYekini Nureni
 
The Thing About Protecting Data Is, You Have To Protect Data
The Thing About Protecting Data Is, You Have To Protect DataThe Thing About Protecting Data Is, You Have To Protect Data
The Thing About Protecting Data Is, You Have To Protect DataAndy LoPresto
 
Survey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile CommunicationSurvey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile Communicationijsrd.com
 
Generation of Anonymous Signature and Message using Identity Based Group Blin...
Generation of Anonymous Signature and Message using Identity Based Group Blin...Generation of Anonymous Signature and Message using Identity Based Group Blin...
Generation of Anonymous Signature and Message using Identity Based Group Blin...IDES Editor
 
Security Flows and Improvement of a Recent Ultra Light-Weight RFID Protocol
Security Flows and Improvement of a Recent Ultra Light-Weight RFID Protocol Security Flows and Improvement of a Recent Ultra Light-Weight RFID Protocol
Security Flows and Improvement of a Recent Ultra Light-Weight RFID Protocol ijujournal
 
Cryprography Assignment
Cryprography AssignmentCryprography Assignment
Cryprography AssignmentAshik Iqbal
 
White Paper on Cryptography
White Paper on Cryptography White Paper on Cryptography
White Paper on Cryptography Durgesh Malviya
 
Approaches for Mitigating Discovery Problems in Larger Systems
Approaches for Mitigating Discovery Problems in Larger SystemsApproaches for Mitigating Discovery Problems in Larger Systems
Approaches for Mitigating Discovery Problems in Larger SystemsReal-Time Innovations (RTI)
 

Tendances (13)

Jo3417381741
Jo3417381741Jo3417381741
Jo3417381741
 
Access control in decentralized online social networks applying a policy hidi...
Access control in decentralized online social networks applying a policy hidi...Access control in decentralized online social networks applying a policy hidi...
Access control in decentralized online social networks applying a policy hidi...
 
82 86
82 8682 86
82 86
 
RSA and RC4 Cryptosystem Performance Evaluation Using Image and Text
RSA and RC4 Cryptosystem Performance Evaluation Using Image and TextRSA and RC4 Cryptosystem Performance Evaluation Using Image and Text
RSA and RC4 Cryptosystem Performance Evaluation Using Image and Text
 
The Thing About Protecting Data Is, You Have To Protect Data
The Thing About Protecting Data Is, You Have To Protect DataThe Thing About Protecting Data Is, You Have To Protect Data
The Thing About Protecting Data Is, You Have To Protect Data
 
Survey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile CommunicationSurvey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile Communication
 
Generation of Anonymous Signature and Message using Identity Based Group Blin...
Generation of Anonymous Signature and Message using Identity Based Group Blin...Generation of Anonymous Signature and Message using Identity Based Group Blin...
Generation of Anonymous Signature and Message using Identity Based Group Blin...
 
Nwc rsa
Nwc rsaNwc rsa
Nwc rsa
 
DDS Security
DDS SecurityDDS Security
DDS Security
 
Security Flows and Improvement of a Recent Ultra Light-Weight RFID Protocol
Security Flows and Improvement of a Recent Ultra Light-Weight RFID Protocol Security Flows and Improvement of a Recent Ultra Light-Weight RFID Protocol
Security Flows and Improvement of a Recent Ultra Light-Weight RFID Protocol
 
Cryprography Assignment
Cryprography AssignmentCryprography Assignment
Cryprography Assignment
 
White Paper on Cryptography
White Paper on Cryptography White Paper on Cryptography
White Paper on Cryptography
 
Approaches for Mitigating Discovery Problems in Larger Systems
Approaches for Mitigating Discovery Problems in Larger SystemsApproaches for Mitigating Discovery Problems in Larger Systems
Approaches for Mitigating Discovery Problems in Larger Systems
 

En vedette

Cheap solar panels
Cheap solar panelsCheap solar panels
Cheap solar panelsHellen Meyer
 
The tools of the trade
The tools of the tradeThe tools of the trade
The tools of the tradeAlexis Müller
 
Presentacion Curso Creditos
Presentacion Curso CreditosPresentacion Curso Creditos
Presentacion Curso Creditosjair
 
The Professional Martial Arts Instructors in Australia
The Professional Martial Arts Instructors in AustraliaThe Professional Martial Arts Instructors in Australia
The Professional Martial Arts Instructors in Australiawebmasterjoydeep
 

En vedette (8)

Cheap solar panels
Cheap solar panelsCheap solar panels
Cheap solar panels
 
The tools of the trade
The tools of the tradeThe tools of the trade
The tools of the trade
 
Linguas indoeuropeas
Linguas indoeuropeasLinguas indoeuropeas
Linguas indoeuropeas
 
Presentacion Curso Creditos
Presentacion Curso CreditosPresentacion Curso Creditos
Presentacion Curso Creditos
 
Slide presentase www.tantanganavanza.tk
Slide presentase www.tantanganavanza.tkSlide presentase www.tantanganavanza.tk
Slide presentase www.tantanganavanza.tk
 
The Professional Martial Arts Instructors in Australia
The Professional Martial Arts Instructors in AustraliaThe Professional Martial Arts Instructors in Australia
The Professional Martial Arts Instructors in Australia
 
Solar panels uk
Solar panels ukSolar panels uk
Solar panels uk
 
Black history
Black historyBlack history
Black history
 

Similaire à IJERD (www.ijerd.com) International Journal of Engineering Research and Development

ICT741 Digital Forensics.docx
ICT741 Digital Forensics.docxICT741 Digital Forensics.docx
ICT741 Digital Forensics.docxwrite4
 
DIGITAL INVESTIGATION USING HASHBASED CARVING
DIGITAL INVESTIGATION USING HASHBASED CARVINGDIGITAL INVESTIGATION USING HASHBASED CARVING
DIGITAL INVESTIGATION USING HASHBASED CARVINGIJCI JOURNAL
 
Forensic Readiness on Hadoop Platform: Non-Ambari HDP as a Case Study
Forensic Readiness on Hadoop Platform: Non-Ambari HDP as a Case StudyForensic Readiness on Hadoop Platform: Non-Ambari HDP as a Case Study
Forensic Readiness on Hadoop Platform: Non-Ambari HDP as a Case StudyIJCSIS Research Publications
 
Cyber&digital forensics report
Cyber&digital forensics reportCyber&digital forensics report
Cyber&digital forensics reportyash sawarkar
 
Visualization of Computer Forensics Analysis on Digital Evidence
Visualization of Computer Forensics Analysis on Digital EvidenceVisualization of Computer Forensics Analysis on Digital Evidence
Visualization of Computer Forensics Analysis on Digital EvidenceMuhd Mu'izuddin
 
Signature verification based on proposed fast hyper deep neural network
Signature verification based on proposed fast hyper deep neural networkSignature verification based on proposed fast hyper deep neural network
Signature verification based on proposed fast hyper deep neural networkIAESIJAI
 
Count based Secured Hash Algorithm.
Count based Secured Hash Algorithm.Count based Secured Hash Algorithm.
Count based Secured Hash Algorithm.IOSR Journals
 
Digital Forensic Assignment Help
Digital Forensic Assignment HelpDigital Forensic Assignment Help
Digital Forensic Assignment HelpGlobal Web Tutors
 
Internet Relay Chat Forensics
Internet Relay Chat ForensicsInternet Relay Chat Forensics
Internet Relay Chat ForensicsIJSRD
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Stepsgamemaker762
 
How to Use Linux Forensic Analysis Tools for Digital Investigations.pdf
How to Use Linux Forensic Analysis Tools for Digital Investigations.pdfHow to Use Linux Forensic Analysis Tools for Digital Investigations.pdf
How to Use Linux Forensic Analysis Tools for Digital Investigations.pdfuzair
 
Comparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction ToolsComparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction Toolsijtsrd
 

Similaire à IJERD (www.ijerd.com) International Journal of Engineering Research and Development (20)

ICT741 Digital Forensics.docx
ICT741 Digital Forensics.docxICT741 Digital Forensics.docx
ICT741 Digital Forensics.docx
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic tools
 
DIGITAL INVESTIGATION USING HASHBASED CARVING
DIGITAL INVESTIGATION USING HASHBASED CARVINGDIGITAL INVESTIGATION USING HASHBASED CARVING
DIGITAL INVESTIGATION USING HASHBASED CARVING
 
Forensic Readiness on Hadoop Platform: Non-Ambari HDP as a Case Study
Forensic Readiness on Hadoop Platform: Non-Ambari HDP as a Case StudyForensic Readiness on Hadoop Platform: Non-Ambari HDP as a Case Study
Forensic Readiness on Hadoop Platform: Non-Ambari HDP as a Case Study
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Cyber&digital forensics report
Cyber&digital forensics reportCyber&digital forensics report
Cyber&digital forensics report
 
Visualization of Computer Forensics Analysis on Digital Evidence
Visualization of Computer Forensics Analysis on Digital EvidenceVisualization of Computer Forensics Analysis on Digital Evidence
Visualization of Computer Forensics Analysis on Digital Evidence
 
Signature verification based on proposed fast hyper deep neural network
Signature verification based on proposed fast hyper deep neural networkSignature verification based on proposed fast hyper deep neural network
Signature verification based on proposed fast hyper deep neural network
 
Count based Secured Hash Algorithm.
Count based Secured Hash Algorithm.Count based Secured Hash Algorithm.
Count based Secured Hash Algorithm.
 
Digital Forensic Assignment Help
Digital Forensic Assignment HelpDigital Forensic Assignment Help
Digital Forensic Assignment Help
 
Internet Relay Chat Forensics
Internet Relay Chat ForensicsInternet Relay Chat Forensics
Internet Relay Chat Forensics
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Steps
 
How to Use Linux Forensic Analysis Tools for Digital Investigations.pdf
How to Use Linux Forensic Analysis Tools for Digital Investigations.pdfHow to Use Linux Forensic Analysis Tools for Digital Investigations.pdf
How to Use Linux Forensic Analysis Tools for Digital Investigations.pdf
 
Comparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction ToolsComparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction Tools
 

Plus de IJERD Editor

A Novel Method for Prevention of Bandwidth Distributed Denial of Service Attacks
A Novel Method for Prevention of Bandwidth Distributed Denial of Service AttacksA Novel Method for Prevention of Bandwidth Distributed Denial of Service Attacks
A Novel Method for Prevention of Bandwidth Distributed Denial of Service AttacksIJERD Editor
 
MEMS MICROPHONE INTERFACE
MEMS MICROPHONE INTERFACEMEMS MICROPHONE INTERFACE
MEMS MICROPHONE INTERFACEIJERD Editor
 
Influence of tensile behaviour of slab on the structural Behaviour of shear c...
Influence of tensile behaviour of slab on the structural Behaviour of shear c...Influence of tensile behaviour of slab on the structural Behaviour of shear c...
Influence of tensile behaviour of slab on the structural Behaviour of shear c...IJERD Editor
 
Gold prospecting using Remote Sensing ‘A case study of Sudan’
Gold prospecting using Remote Sensing ‘A case study of Sudan’Gold prospecting using Remote Sensing ‘A case study of Sudan’
Gold prospecting using Remote Sensing ‘A case study of Sudan’IJERD Editor
 
Reducing Corrosion Rate by Welding Design
Reducing Corrosion Rate by Welding DesignReducing Corrosion Rate by Welding Design
Reducing Corrosion Rate by Welding DesignIJERD Editor
 
Router 1X3 – RTL Design and Verification
Router 1X3 – RTL Design and VerificationRouter 1X3 – RTL Design and Verification
Router 1X3 – RTL Design and VerificationIJERD Editor
 
Active Power Exchange in Distributed Power-Flow Controller (DPFC) At Third Ha...
Active Power Exchange in Distributed Power-Flow Controller (DPFC) At Third Ha...Active Power Exchange in Distributed Power-Flow Controller (DPFC) At Third Ha...
Active Power Exchange in Distributed Power-Flow Controller (DPFC) At Third Ha...IJERD Editor
 
Mitigation of Voltage Sag/Swell with Fuzzy Control Reduced Rating DVR
Mitigation of Voltage Sag/Swell with Fuzzy Control Reduced Rating DVRMitigation of Voltage Sag/Swell with Fuzzy Control Reduced Rating DVR
Mitigation of Voltage Sag/Swell with Fuzzy Control Reduced Rating DVRIJERD Editor
 
Study on the Fused Deposition Modelling In Additive Manufacturing
Study on the Fused Deposition Modelling In Additive ManufacturingStudy on the Fused Deposition Modelling In Additive Manufacturing
Study on the Fused Deposition Modelling In Additive ManufacturingIJERD Editor
 
Spyware triggering system by particular string value
Spyware triggering system by particular string valueSpyware triggering system by particular string value
Spyware triggering system by particular string valueIJERD Editor
 
A Blind Steganalysis on JPEG Gray Level Image Based on Statistical Features a...
A Blind Steganalysis on JPEG Gray Level Image Based on Statistical Features a...A Blind Steganalysis on JPEG Gray Level Image Based on Statistical Features a...
A Blind Steganalysis on JPEG Gray Level Image Based on Statistical Features a...IJERD Editor
 
Secure Image Transmission for Cloud Storage System Using Hybrid Scheme
Secure Image Transmission for Cloud Storage System Using Hybrid SchemeSecure Image Transmission for Cloud Storage System Using Hybrid Scheme
Secure Image Transmission for Cloud Storage System Using Hybrid SchemeIJERD Editor
 
Application of Buckley-Leverett Equation in Modeling the Radius of Invasion i...
Application of Buckley-Leverett Equation in Modeling the Radius of Invasion i...Application of Buckley-Leverett Equation in Modeling the Radius of Invasion i...
Application of Buckley-Leverett Equation in Modeling the Radius of Invasion i...IJERD Editor
 
Gesture Gaming on the World Wide Web Using an Ordinary Web Camera
Gesture Gaming on the World Wide Web Using an Ordinary Web CameraGesture Gaming on the World Wide Web Using an Ordinary Web Camera
Gesture Gaming on the World Wide Web Using an Ordinary Web CameraIJERD Editor
 
Hardware Analysis of Resonant Frequency Converter Using Isolated Circuits And...
Hardware Analysis of Resonant Frequency Converter Using Isolated Circuits And...Hardware Analysis of Resonant Frequency Converter Using Isolated Circuits And...
Hardware Analysis of Resonant Frequency Converter Using Isolated Circuits And...IJERD Editor
 
Simulated Analysis of Resonant Frequency Converter Using Different Tank Circu...
Simulated Analysis of Resonant Frequency Converter Using Different Tank Circu...Simulated Analysis of Resonant Frequency Converter Using Different Tank Circu...
Simulated Analysis of Resonant Frequency Converter Using Different Tank Circu...IJERD Editor
 
Moon-bounce: A Boon for VHF Dxing
Moon-bounce: A Boon for VHF DxingMoon-bounce: A Boon for VHF Dxing
Moon-bounce: A Boon for VHF DxingIJERD Editor
 
“MS-Extractor: An Innovative Approach to Extract Microsatellites on „Y‟ Chrom...
“MS-Extractor: An Innovative Approach to Extract Microsatellites on „Y‟ Chrom...“MS-Extractor: An Innovative Approach to Extract Microsatellites on „Y‟ Chrom...
“MS-Extractor: An Innovative Approach to Extract Microsatellites on „Y‟ Chrom...IJERD Editor
 
Importance of Measurements in Smart Grid
Importance of Measurements in Smart GridImportance of Measurements in Smart Grid
Importance of Measurements in Smart GridIJERD Editor
 
Study of Macro level Properties of SCC using GGBS and Lime stone powder
Study of Macro level Properties of SCC using GGBS and Lime stone powderStudy of Macro level Properties of SCC using GGBS and Lime stone powder
Study of Macro level Properties of SCC using GGBS and Lime stone powderIJERD Editor
 

Plus de IJERD Editor (20)

A Novel Method for Prevention of Bandwidth Distributed Denial of Service Attacks
A Novel Method for Prevention of Bandwidth Distributed Denial of Service AttacksA Novel Method for Prevention of Bandwidth Distributed Denial of Service Attacks
A Novel Method for Prevention of Bandwidth Distributed Denial of Service Attacks
 
MEMS MICROPHONE INTERFACE
MEMS MICROPHONE INTERFACEMEMS MICROPHONE INTERFACE
MEMS MICROPHONE INTERFACE
 
Influence of tensile behaviour of slab on the structural Behaviour of shear c...
Influence of tensile behaviour of slab on the structural Behaviour of shear c...Influence of tensile behaviour of slab on the structural Behaviour of shear c...
Influence of tensile behaviour of slab on the structural Behaviour of shear c...
 
Gold prospecting using Remote Sensing ‘A case study of Sudan’
Gold prospecting using Remote Sensing ‘A case study of Sudan’Gold prospecting using Remote Sensing ‘A case study of Sudan’
Gold prospecting using Remote Sensing ‘A case study of Sudan’
 
Reducing Corrosion Rate by Welding Design
Reducing Corrosion Rate by Welding DesignReducing Corrosion Rate by Welding Design
Reducing Corrosion Rate by Welding Design
 
Router 1X3 – RTL Design and Verification
Router 1X3 – RTL Design and VerificationRouter 1X3 – RTL Design and Verification
Router 1X3 – RTL Design and Verification
 
Active Power Exchange in Distributed Power-Flow Controller (DPFC) At Third Ha...
Active Power Exchange in Distributed Power-Flow Controller (DPFC) At Third Ha...Active Power Exchange in Distributed Power-Flow Controller (DPFC) At Third Ha...
Active Power Exchange in Distributed Power-Flow Controller (DPFC) At Third Ha...
 
Mitigation of Voltage Sag/Swell with Fuzzy Control Reduced Rating DVR
Mitigation of Voltage Sag/Swell with Fuzzy Control Reduced Rating DVRMitigation of Voltage Sag/Swell with Fuzzy Control Reduced Rating DVR
Mitigation of Voltage Sag/Swell with Fuzzy Control Reduced Rating DVR
 
Study on the Fused Deposition Modelling In Additive Manufacturing
Study on the Fused Deposition Modelling In Additive ManufacturingStudy on the Fused Deposition Modelling In Additive Manufacturing
Study on the Fused Deposition Modelling In Additive Manufacturing
 
Spyware triggering system by particular string value
Spyware triggering system by particular string valueSpyware triggering system by particular string value
Spyware triggering system by particular string value
 
A Blind Steganalysis on JPEG Gray Level Image Based on Statistical Features a...
A Blind Steganalysis on JPEG Gray Level Image Based on Statistical Features a...A Blind Steganalysis on JPEG Gray Level Image Based on Statistical Features a...
A Blind Steganalysis on JPEG Gray Level Image Based on Statistical Features a...
 
Secure Image Transmission for Cloud Storage System Using Hybrid Scheme
Secure Image Transmission for Cloud Storage System Using Hybrid SchemeSecure Image Transmission for Cloud Storage System Using Hybrid Scheme
Secure Image Transmission for Cloud Storage System Using Hybrid Scheme
 
Application of Buckley-Leverett Equation in Modeling the Radius of Invasion i...
Application of Buckley-Leverett Equation in Modeling the Radius of Invasion i...Application of Buckley-Leverett Equation in Modeling the Radius of Invasion i...
Application of Buckley-Leverett Equation in Modeling the Radius of Invasion i...
 
Gesture Gaming on the World Wide Web Using an Ordinary Web Camera
Gesture Gaming on the World Wide Web Using an Ordinary Web CameraGesture Gaming on the World Wide Web Using an Ordinary Web Camera
Gesture Gaming on the World Wide Web Using an Ordinary Web Camera
 
Hardware Analysis of Resonant Frequency Converter Using Isolated Circuits And...
Hardware Analysis of Resonant Frequency Converter Using Isolated Circuits And...Hardware Analysis of Resonant Frequency Converter Using Isolated Circuits And...
Hardware Analysis of Resonant Frequency Converter Using Isolated Circuits And...
 
Simulated Analysis of Resonant Frequency Converter Using Different Tank Circu...
Simulated Analysis of Resonant Frequency Converter Using Different Tank Circu...Simulated Analysis of Resonant Frequency Converter Using Different Tank Circu...
Simulated Analysis of Resonant Frequency Converter Using Different Tank Circu...
 
Moon-bounce: A Boon for VHF Dxing
Moon-bounce: A Boon for VHF DxingMoon-bounce: A Boon for VHF Dxing
Moon-bounce: A Boon for VHF Dxing
 
“MS-Extractor: An Innovative Approach to Extract Microsatellites on „Y‟ Chrom...
“MS-Extractor: An Innovative Approach to Extract Microsatellites on „Y‟ Chrom...“MS-Extractor: An Innovative Approach to Extract Microsatellites on „Y‟ Chrom...
“MS-Extractor: An Innovative Approach to Extract Microsatellites on „Y‟ Chrom...
 
Importance of Measurements in Smart Grid
Importance of Measurements in Smart GridImportance of Measurements in Smart Grid
Importance of Measurements in Smart Grid
 
Study of Macro level Properties of SCC using GGBS and Lime stone powder
Study of Macro level Properties of SCC using GGBS and Lime stone powderStudy of Macro level Properties of SCC using GGBS and Lime stone powder
Study of Macro level Properties of SCC using GGBS and Lime stone powder
 

Dernier

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 

Dernier (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 

IJERD (www.ijerd.com) International Journal of Engineering Research and Development

  • 1. International Journal of Engineering Research and Development e-ISSN : 2278-067X, p-ISSN : 2278-800X, www.ijerd.com Volume 2, Issue 5 (July 2012), PP. 64-70 Significance of Hash Value Generation in Digital Forensic: A Case Study Kailash Kumar1, Sanjeev Sofat2, S.K.Jain3, Naveen Aggarwal4 1 PhD (CSE) Student, PEC University of Technology, Chandigarh, India 2 Prof. and Head CSE Deptt. PEC University of Technology, Chandigarh, India 3 Deputy Director (Ball.) CFSL, Chandigarh, India 4 Assistant Professor CSE Deptt. UIET, Chandigarh, India Abstract––Digital forensics tools frequently use to calculate the hash value of digital evidence drive. MD5 and SHA hash function is used in digital forensic tools to calculate and verify that a data set has not been altered, due to the application of various evidence collection and analysis tools and procedures. Additionally, due to the impact on the personal life of the subject of an investigation, verification of the correct operation of tools and procedures is critical. This paper discusses the significance of hash value in digital forensic for the digital evidence. The research conducts six possible different cases as an experiment to generate and verify the hash value of test drive using forensic tool to demonstrate the importance of hash value in digital forensic. Additionally, unreliable results can be obtained because of the improper use of the application of the tools. Keywords––MD5; SHA; digital forensic; hash function. I. INTRODUCTION The field of digital forensic analysis has experienced rapid growth in recent years, as the use of computer forensic analysis proved invaluable in a wide range of legal proceedings. Digital forensics is used not only to investigate computerized crimes, such as network intrusion, fabrication of data and illegitimate material distribution through digital services, but also to investigate crime where evidence is stored in any digital format on any digital device [1]. One of the most important steps performed during a digital forensics investigation is the data acquisition step, which is “the task of collecting digital evidence from electronic media” [6]. During this step, the investigator makes an exact copy of the evidence disk or file to produce a forensics copy. To avoid destroying evidence, the investigation is conducted on the forensic copy, rather than the original evidence data. Thus, any data corruption that occurs during the investigation process can be rectified by using the evidence disk to create a new forensic copy to use to continue the investigation. Because a digital investigation frequently yields results that are used in a criminal or civil court proceeding which can drastically affect a person life, the investigator must be completely certain that the forensic copy is an exact copy of the evidence. The hash value plays an important role in forensic investigation for proving accuracy of digital data in front of judiciary. In this research article we are proposing some real time case study to prove the importance of hash value in digit al forensic investigation process. The remainder of this paper is organized as follows. Section 2 gives an overview of digital forensics. Section 3 provides a short background on hash function. Section 4 focuses on some case study of hash value generated in digital hard drive for forensic point of view. Finally section 5 concludes the paper and our future work. II. DIGITAL FORENSIC SCIENCE The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations. In 2001, the Digital Forensics Research Workshop [DFRW] [3] proposed a process for digital investigations that involves the following six steps. In this time we are more concern about the analysis phase, hash analysis is also a part of whole digital analysis that we mention in the original DFRW model illustrates in fig 1. Identification Preservation Collection evidence Presentation Analysis Examination Hash Analysis Fig. 1. Digital forensic investigation process 64
  • 2. Significance of Hash Value Generation in Digital Forensic: A Case Study Digital forensics is the science of identifying, extracting, analyzing and presenting the digital evidence that has been stored in the digital electronic storage devices to be used in a court of law [1, 4, 5]. III. HASH FUNCTION Definition: An algorithm that turns a variable-sized amount of text into a fixed-sized output (hash value). Hash functions are used in creating digital signatures, hash tables and short condensations of text for analysis purposes. Hash functions are also known as "cryptographic hash functions. A hash function H is a transformation that takes a variable-size input „m‟ and returns a fixed-size string, which is called the hash value h (that is, h = H(m)). Hash functions with just this property have a variety of general computational uses, but when employed in cryptography the hash functions are usually chosen to have some additional properties. The basic requirements for a cryptographic hash function are:  the input can be of any length,  the output has a fixed length,  H(x) is relatively easy to compute for any given x ,  H(x) is one-way,  H(x) is collision-free. A hash function H is said to be one-way if it is hard to invert, where "hard to invert" means that given a hash value h, it is computationally infeasible to find some input x such that H(x) = h. If, given a message x, it is computationally infeasible to find a message y not equal to x such that H(x) = H(y) then H i s said to be a weakly collision-free hash function. A strongly collision-free hash function H is one for which it is computationally infeasible to find any two messages x and y such that H(x) = H(y). The hash value represents concisely the longer message or document from which it was computed; one can think of a message digest as a "digital fingerprint" of the larger document. Perhaps the main role of a cryptographic hash function is in the provision of digital signatures. Since hash functions are generally faster than digital signature algorithms, it is typical to compute the digital signature to some document by computing the signature on the document's hash value, which is small compared to the document itself. Additionally, a digest can be made public without revealing the contents of the document from which it is derived. This is important in digital time stamping where, using hash functions, one can get a document time stamped without revealing its contents to the time stamping service. A. Practical Hash Function This section covers hash functions that are most likely used in digital forensic software/tools: MD5 and SHA-1. For their detailed description we refer the reader to the documents issued by standardization bodies. MD4 and MD5:MD4 was proposed by Ron Rivest in 1990 and MD5 [7] followed shortly thereafter as its stronger version. Their design-had great influence on subsequent constructions of hash function. The letters “MD” stands for “message digest” and the numerals refer to the functions being the fourth and fifth designs from the same hash-function family. SHA-0 and SHA-1: The Secure Hash Algorithm (SHA) was initially approved for use with the Digital Signature Standard (DSS) in 1993 [2]. Two years later the standard was updated to become what is currently known as SHA-1 [8]. The first version of SHA is referred in the cryptographic literature as SHA-0, although it has never been its official designation. SHA- 1 differs from SHA-0 by exactly one additional instruction, which is nonetheless extremely important from the cryptanalytic perspective. Since there were no reasons to prefer the initial version of the standard, SHA-1 replaced SHA-0 in all but most antiquated applications. The details of these hash function is briefly illustrates in table 1below. Table1. Practical Hash function Name Block Size(bits) Word Size(bits) Output Size(bits) Rounds MD4 512 32 128 48 MD5 512 32 128 64 SHA-0 512 32 160 80 SHA-1 512 32 160 80 B. Hash value generation in digital forensic Generally hash value is used to check the integrity of any data file but, in digital forensic it is used to check the integrity of evidence disk data. The image of a disk is created in digital forensic for analysis so, it is necessary the image have exactly or replica of evidence disk. The hash value generated during imaging should match when that image of evidence disk is extracted for detail analysis. In digital forensic hash value is generated for whole disk data not only single or multiple files. 65
  • 3. Significance of Hash Value Generation in Digital Forensic: A Case Study The hash value generated using forensic tools in the form of hexadecimal notation. Here we are giving an example to convert it in too two easily understandable form for forensic practitioner who don‟t have enough knowledge about computer system. Using the hash value generated of case1: 79EAB87F0D3A3B45954779A72F79AE63 1. Table 2 shows the binary form of the given hexadecimal value: Table2. Binary code for Hash value 0111 1001 1110 1010 1011 1000 0111 7 9 E A B 8 7 1111 0000 1101 0011 1010 0011 1011 F 0 D 3 A 3 B 0100 0101 1001 0101 0100 0111 0111 4 5 9 5 4 7 7 1001 1010 0111 0010 1111 0111 1001 9 A 7 2 F 7 9 1010 1110 0101 0011 A E 6 3 2. The following steps involve to convert given hexadecimal hash value into decimal form: Step1. Use Hexadecimal to Decimal conversion process as given below: 7*1631 + 9*1630 +E*1629+A*1628 +………….6*161 +3*160 Step2. Substitutes the equivalent numerical value in place of alphabet in hexadecimal hash value as given below. A=10, B=11, C=12, D=13, E=14, F=15 After substitution: 7*1631 + 9*1630 +14*1629+10*1628 +…….6*161 +3*160 Step3. Calculate hash value in decimal form. IV. PROPOSED FRAMEWORK FOR HASH VALUE CALCULATION The experimental model/framework for hash value calculation in digital forensic is proposed in fig 2. Using this model the test data has been generated on digital hard drive. Finding evidence for system tampering, data hiding or deleting utilities, unauthorized system modifications etc. should also be performed. Detecting and recovering hidden or obscured information is a major tedious task involved. Data should be searched thoroughly for recovering passwords, finding unusual hidden files or directories, file extension and signature mismatches etc. while searching the above said information from an evidence disk the forensic software is also create the hash value of the whole drive to check the integrity of the disk. In forensic data acquisition phase the hash value is generated at the time of imaging the evidence disk and compare that hash value at the time of examination or copying the contents of the disk. If both the hash value is identical than the forensic expert assume everything is fine otherwise some kind of tampering is involved with the evidence disk. Here the case study focuses the importance of hash value in forensic examination has been explored. Evidence disk Write Blocker Forensic tool Acquisition hash Verification hash Presentation Fig. 2. Hash calculation model 66
  • 4. Significance of Hash Value Generation in Digital Forensic: A Case Study The model is used to create an image of test hard drive connected with write blocker (Ex. Fast Blok), to avoid writing anything by any vulnerable program running on the system. We can use any forensic tool for creating disk image along with hash value. The Encase forensics [9] is a simple but concise tool used in this case study. It saves an image of a hard disk in one file or in segments that may be later on reconstructed. It calculates MD5 hash values and confirms the integrity of the data before closing the files. Now the raw image created by Encase program is used for analysis and examination purpose. While extracting data from raw image the Encase program also verifies previous generated hash value and creates summary/report for forensic validation and presentation that match finds. The importance of hash value in digital forensic is illustrates in six different cases has been generated and analyzed below. 1. CASE1. Compute hash value in original: Here we generate hash value of original test evidence disk, which contains some suspect files/data for forensic analysis and also verifies the hash value after imaging/acquisition, report shown below in figure 3. Fig. 3. Case1 report 2. CASE2. Add any file in test drive and check hash with original: In this case the experiments generated the report shown in fig 4. The impact of adding any file in the test drive by mistake or by concern, correspondingly the hash value is verified with the original. The hash value differs from the original/actual evidence drive. Original hash value: 79EAB87F0D3A3B45954779A72F79AE63 New hash value: DE9EAD6A3B7B02475ADB6EB83CCB2826 Fig. 4. Case2 report 3. CASE3. Remove any file from the test drive and compare hash with original: In this case the experiments illustrate if any single or multiple files deleted from the evidence disk, correspondingly hash value of the drive is generated and compare with original. The difference of hash value generated report is shown in fig 5. Original hash value: 79EAB87F0D3A3B45954779A72F79AE63 New hash value: ECB15214986D91DF876F2F773F9E0F4D 67
  • 5. Significance of Hash Value Generation in Digital Forensic: A Case Study Fig. 5. Case3 report 4 CASE4. Modify any file: This case is totally differing from the previous two cases of add and remove files from the drive, describes in two sub cases below:  Case 4.1. Add some contents in any file and check hash with original: Here we are demonstrates the case when small amount of data is added in any file. The report generated with hash value shows in fig 6. The comparison of hash value with the original is also mention below. Original hash value: 79EAB87F0D3A3B45954779A72F79AE63 New hash value: E02365F1BFCCA37AAB5E62D6262EBADE Fig. 6. Case4.1 report  Case 4.2. Remove some contents from any file and compare hash with original: Here we are demonstrates the case when some portion of data is erased from any file. The generated report with hash value shown in fig 7 below. Original hash value: 79EAB87F0D3A3B45954779A72F79AE63 New hash value: 43D25B68F22A84CD95C5214F0414E511 68
  • 6. Significance of Hash Value Generation in Digital Forensic: A Case Study Fig. 7. Case4.2 report 5. CASE5. Shifting some contents from one file to another and check hash with original: Sometimes the content of one file is shifted to another file rather than the whole file the results of hash value comparison with original shows in figure 8 below. Original hash value: 79EAB87F0D3A3B45954779A72F79AE63 New hash value: 593026F4FB3437E7D47FC4178F22EC92 Fig. 8. Case5 report 6. CASE6. Update some contents in existing file and compare hash: The case is related where financial and accounting data is much more valuable than other contents of the disk. Sometimes the suspect modified only numerical contents of the data files. The experiments demonstrate here is to check whether the hash value generated in forensic tool differ or match with any previous case shows in figure 9 below. Original hash value: 79EAB87F0D3A3B45954779A72F79AE63 New hash value: C6D351D5F05CC6273EBD153FC25B5E7B 69
  • 7. Significance of Hash Value Generation in Digital Forensic: A Case Study Fig. 9. Case6 report V. CONCLUSION & FUTURE WORK The role of hash value is demonstrated in this research work with the help of different cases involved in data tampering is analyzed and verified. The focus of this research is strongly on the hash value of whole digital drive not a single file. The aim of this work to show that even if a small modification happen in digital evidence, detected in the hash value. Given a different heuristic, it would be interesting to apply this technique in future to other file systems other than that of Windows and to compare results. VI. ACKNOWLEDGMENT The authors thankful to Mr. Vivek Kumar Forensic Analyst Central Forensic Science Laboratory, Chandigarh, for their useful contribution and Software/Hardware support for this case study. REFERENCES [1]. S. Ardisson. Producing a Forensic Image of Your Client‟s Hard Drive? What You Need to Know, Qubit, 1, pp. 1-2, 2007. [2]. “Digital signature standard,” FIPS PUB 186-2, 2000. Available from: www.csrc.nist.gov/publications/fips/fips186-2/fips186-2- change1.pdf [3]. G. Palmer. A road map for digital forensic research. Report From the First Digital Forensic Research Workshop (DFRWS), August 2001. [4]. M. Alazab, S. Venkatraman & P. Watters. Digital forensic techniques for static analysis of NTFS images, Proceedings of ICIT2009, Fourth International Conference on Information Technology, IEEE Xplore, 2009. [5]. M. Reith, C. Carr, & G. Gunsch. An examination of digital forensic models, International Journal of Digital Evidence, 1, pp.1- 12, 2002. [6]. Nelson, B. Phillips, A. Enfinger, F. Steuart, C. Guide to Computer Forensics and Investigations: Third Edition, Course Technology, 2008. [7]. Ronald L. Rivest. The MD5 message-digest algorithm, IETF RFC 1321, 1992. Available from www.ietf.org/rfc/rfc1321.txt [8]. Secure hash standard, FIPS PUB 180-1, 1995. Available from: www.itl.nist.gov/fipspubs/fip180-1.htm [9]. Guidance Software Inc. Encase forensics. http://www.guidancesoftware.com. 70