Portal de Periódicos da CAPES

An Efficient Scheme for Hard Disk Integrity Check in Digital Forensics by Hashing with Combinatorial Group Testing

2011; Advanced Institute of Convergence Information Technology Research Center; Volume: 5; Issue: 2 Linguagem: Inglês

10.4156/jdcta.vol5.issue2.35

2233-9310

Junbin Fang, Zoe L. Jiang, Siu‐Ming Yiu, Lucas C. K. Hui,

Privacy-Preserving Technologies in Data

In this paper, we describe the problem of checking the integrity of a hard disk for forensics investigation after the computer of a suspect has been seized. Existing solutions do not provide a satisfactory solution to solve the problem. They either require a huge amount of storage to store the hash values of the sectors or may not be able to cope with the situation in an effective way in case some sectors have been changed (e.g. become bad sectors or deleted due to being part of the Legal Professional Privilege items). We propose an efficient hashing scheme with combinatorial group testing to calculate hash values for all sectors in a hard disk as the integrity proof and precisely locate the sectors which have been changed. Experimental results show that the scheme can significantly decrease the storage overhead (0.5MB needed for a 250GB hard disk) while require similar computational time compared to the existing approach. The computational time can be further decreased using our improved 2-stage approach.