Title: A PRIVACY-PRESERVING APPROACH FOR COLLECTING EVIDENCE IN FORENSIC INVESTIGATION

Issue Number: Vol. 2, No. 1
Year of Publication: March - 2013
Page Numbers: 70-78
Authors: Shuhui Hou, Siu-Ming Yiuy, Tetsutaro Ueharaz, Ryoichi Sasakix
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong

Abstract:


Capturing digital evidence is crucial for counteracting against computer and cyber crimes. The technique of cloning the whole harddisk (for single PC) for investigation is not feasible in large sharing systems (e.g. in a third-party email server, data center or cloud system). Privacy is also a major concern as most of the data in these systems is not relevant to the crime case. The problem is how to retrieve the relevant information without the investigator knowing, other irrelevant data while the server administrator does not know what the investigator is searching. To solve this problem, Hou et al. modelled the problem as a secure keyword searching problem and proposed a number of encryption-based schemes. While the schemes are theoretically sound, the efficiency is a concern. Besides, there are several shortcomings in their schemes. Data integrity and authenticity are not considered; re-encryption for each investigator is needed if there are multiple investigators. In this paper, we solve the same problem using the technique of secret sharing to improve efficiency. By exploiting the homomorphic property of the secret sharing schemes, data integrity and authenticity can be guaranteed using digital signature. Our solution can also handle multiple investigators more efficiently. We showed that our solution is more efficient by experiments and comparing the number of operations required by our solution with some existing work.