Title Preserving Cybercrime Evidence
Author Brickmanne, Martin de la Herran
Supervisor Sharp, Robin (Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
Institution Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark
Thesis level Master's thesis
Year 2003
Abstract Cybercriminals who are trying to hack into a system usually take precautions to remove or hide as many traces of their activity as possible, for example by deleting (parts of) log files, replacing certain system functions by special "hacker versions" which if activated will not reveal the presence of the hacker, and so on. This can make it difficult for a prosecutor to secure reliable evidence of what has happened, in case it is necessary to proceed with criminal charges. In this project, techniques for ensuring that reliable evidence can be preserved are to be investigated. These will include secure logging, secure system monitoring, and hardening of the system against changes introduced by authorised or unauthorised users. The analysis should consider as many aspects of these techniques as possible, including for example: - The type of evidence which they can secure and its significance for the investigation of cybercrimes; - The technical requirements for their implementation; - The extent to which they degrade system performance. Based on this analysis, a design proposal for a system which is resistant to the destruction of cybercrime evidence is to be produced, and (to the extent that time permits) a demonstration model of such a system is to be implemented.
Imprint Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU : DK-2800 Kgs. Lyngby, Denmark
Fulltext
Original Postscript imm2555.ps (1.42 MB)
Derived PDF imm2555.pdf (0.59 MB)
Admin Creation date: 2006-06-22    Update date: 2012-12-20    Source: dtu    ID: 58601    Original MXD