To reduce the chance of being compromised, digital evidence must be preserved in a secure way when it is generated. The preservation must assure confidentiality, integrity, and survivability of the digital evidence. Some generic storage systems have been proposed. However, they cannot meet the critical requirements for digital evidence preservation. This paper introduces a secure distributed digital evidence preservation system (DEPS) which can preserve digital evidence generated by mission critical servers. With the novel and lightweight (n, n, n-1) secret recovery scheme we proposed, DEPS can efficiently divide each block of a digital evidence file into n shares, compress the first n-1 shares, and then construct a share-message with a sequence number and a fingerprint for each share. Only all the n shares combined together suffice for recovering the block. An adversary can neither obtain any information about the original block from a share-message, nor can he modify digital evidence without being discovered. By using intelligent replication, DEPS can dynamically duplicate and distribute each share-message to a set of distributed repositories to achieve high survivability. The security and performance analyses showed that DEPS is adequate for preserving digital evidence.
- Digital evidence preservation
- Secret recovery scheme