Computer Image Verification and Authentication

Project Name: Computer Image Verification and Authentication

Description: This blog will help all forensics investigator for Computer Image Verification and Authentication

Author: Rohit D Sadgune

Frequently Asked Question on Computer Forensics Investigation

• Checklist of Computer Image Verification and Authentication

1. Alter the data on the cartridge. To successfully subvert the digital integrity verification and authentication protocol, it would be necessary to do the following without detection: either in a manner that ensures that the relevant data block produces the same hash value or that the relevant hash value is recalculated and inserted into the vault,  (1)recalculate all the subsequent derivative hash values;  (2)recalculate and rewrite the relevant encrypted block; break the seals on the relevant digital integrity verification and authentication floppy disks; and rewrite the data and repair the seals.
2. Alter the data on the machine and then re-DIBSR it (if the machine in question was available). This would require the original DIBS drive; the original password known only to the copying officer (and encrypted on each cartridge in the series); exact knowledge of the date and time settings within the computer at the time of the original copy; and either a similarly numbered tamperproof bag on which the defendant’s signature would be forged, or the original bagopened and resealed with the new floppy inside.
3. Examine and analyze any discrepancies between the defendant’s floppy disk and that of the investigators to determine whether such discrepancies disqualified any or all of the copied data. The digital integrity of the floppy disk and the physical integrity of the tamperproof bag are, in this case, the arbiters of whether such discrepancies were deliberately manufactured.
4. Make sure the digital integrity of any element in the chain (cartridges and floppies) is verified independently of the others (especially through the inclusion of the encryption phase). It is, thus, useless for a defendant to destroy his or her floppy disk in the hope that its absence will assist any challenge to the digital integrity verification and authentication
5. Make sure that security-conscious CIOs meet with their counterparts to discuss security issues with their senior executives, have a dedicated chief security officer, perform a formal assessment of security risk, conduct simulated security breaches, force users to change passwords more frequently, and consult with vendors about their own security precautions.
6. Take steps to make sure security is a higher priority for your company.

GO BACK TO COMPUTER FORENSICS CHECKLIST