
International Journal of Computational Intelligence and Information Security, November 2011 Vol. 2, No. 11

Investigating Privacy Issues in Forensics Investigation


Ali Dehghantanha, Andy Seddon
Asia Pacific University College of Technology and Innovation
Technology Park Malaysia, Kuala Lumpur, Malaysia
{ali_dehqan, Andy}@ucti.edu.my

Abstract
This paper discusses privacy and forensics in relation to routing protocols, networking, computer hard drives and file types. Privacy infringement problems range from file format access to network access. Solutions to these problems are defined in order to keep them from recurring. The benefit of this paper is that users around the world will know about the events and processes that take place while a computer is in use, rather than using the computer system blindly.
Keywords: privacy, forensics, digital investigation

I. INTRODUCTION

Privacy and forensics have been around for a very long time and have influenced many parties, whether organizations or individuals. There are many different types of privacy infringement and of forensic investigation. Privacy and forensics is a loosely defined area, so anything related to privacy is handled with the utmost care. Many tools are used to address privacy issues, and some users strongly believe that their computer may be monitored by users around the world simply because they have logged on to the internet [1]. Users who do not know much about computing believe that once files are deleted into the recycle bin, they are permanently destroyed. This has been proven wrong: any forensic team can easily recover deleted files just by analyzing the computer's hard disk [2]. Besides that, certain software vendors take advantage of their customers through privacy-invasive software (PIS), selling and distributing adware and spyware to users. These vendors invade user privacy by sneaking into the user's system while deceiving the user about their business, and by performing various denial-of-service functions on the user's computer without the user's knowledge [3]. Anyone who uses forensic analysis tools also has the ability to invade users' privacy, since past history that is assumed to have been deleted from the computer can be retrieved with these tools [4]. Privacy attacks also take place through phishing, in which computer users are tricked into visiting lucrative-looking websites that serve the attacker's benefit and are then led to enter private and confidential information [5].

Many techniques have been used to fight privacy infringement, one of which is teaching students with real-life case scenarios. Colleges use methods such as honeypots to train students for real-life forensic investigation in the working world [6]. Privacy and individual rights will differ accordingly. Once evidence has been laid against an individual, the individual does not have the right to deny any accusation of privacy infringement until he or she is proven guilty or not guilty [7].

II. REVIEW OF RELATED WORKS: PRIVACY AND FORENSICS

Previously, privacy infringement has been a vital issue for the individuals involved, and the only way to resolve it was to gather a forensic team to investigate the matter or to use tools that only experts are familiar with. This poses a threat to individuals who are unaware of privacy infringement and are caught up in a privacy infringement attack.


In response to the invasion of individual privacy, the US Naval Research Laboratory created Onion Routing, which is used to avoid traffic analysis [1]. Before onion routing, traffic analysis could be used to identify the remote IP addresses that a host wanted to contact [1].

According to a study by Simson Garfinkel and Abhi Shelat, over 158 second-hand hard drives were seized for privacy investigation in 2002. Of those 158 drives, 129 were functioning, and of the 129 functioning drives only 12 had been properly wiped. This shows that the majority of individuals' private information is still intact on the hard drive, leaving it vulnerable to retrieval by any attacker [2].

Besides that, an individual's privacy largely lies in the content of the hard drive, and the integrity of the deletion process is vital to completely remove information about an individual. One study showed that the computer does not physically remove data when a deletion operation is performed [3]. Tools such as EnCase or Sleuth Toolkit are used to investigate the data, and data can be retrieved mainly because of the conventional deletion method [3].

Phishing has also been a major concern among privacy attacks. In a study led by Chandrasekaran et al., HTML code acting as a web bug was used to create forms with fake identities, which then lure phishers into attacking those identities [4]. This is done to learn the strategies that phishers use to attack websites for phishing purposes, which lead to privacy invasion against individuals [4].

Database queries are also relevant to privacy and forensics. The privacy of many individuals can be invaded simply because information about them is stored on a database server. A study showed that sensitive data from a hospital database can easily be extracted by individuals interested in such information. Hippocratic databases are therefore used so that individuals accessing secret information within a database server can be identified [5].

In recent studies, Byers reported that hidden text in Microsoft Word documents can easily be extracted. This helps privacy invaders obtain an individual's private information even though the text is hidden in the document file. Almost every widely known document had some hidden content, whether deleted text or revisions, which helps an attacker who obtains the document to retrieve vital information about an individual [6].

Digital forensics has come to play a major role in today's world of technology. That being so, forensic readiness has to play a major role in dealing with privacy infringement and invasion. Yasinsac and Manzano defined policies for computer and network forensics in order to stop attacks on individuals' privacy. Luoma also proposed establishing a multi-disciplinary management team that ensures legal compliance with discovery requests. The effort and work of these individuals helps to protect information privacy and has had a big impact on forensic readiness, so that the public is protected from becoming victims of privacy infringement [7].

III. LITERATURE REVIEW ANALYSIS

Privacy and forensics face many challenges where individual rights are concerned. First, forensic investigations of standalone computers are harder to perform than investigations of Privoxy-based machines. Configuration files, logs, cache/cookie management data and more can be found on a Privoxy-based machine, and the results are more effective than on a normal machine [1].

Besides that, many people who own a personal computer do not realize the risks to the personal information stored on it. Studies have shown that, among a number of personal hard disk drives that were seized, many had not had their personal data wiped. Personal information may be stolen under such circumstances. Tools, some free and some available for a small fee, exist to prevent such cases in the future [2].

Anti-spyware is also designed to help individuals prevent viruses. However, anti-spyware software also indirectly obtains users' personal information without their knowledge, so user privacy is infringed unexpectedly. To avoid this, companies have to develop routines that inform users about the actions the software performs upon installation [3].

A security breach of a database also counts as privacy infringement; one study therefore places users with unrestricted access to disk storage in the adversary zone. To prevent such cases in the distant future, MySQL has been modified to improve privacy substantially. Future enhancements are also under serious consideration [4].

Frameworks have also been designed around internal privacy policies for private information. These frameworks help to protect information principles fairly for individuals, as incidents usually occur when policies have been violated by attackers. To adhere to such guidelines, a privacy protection framework is implemented to prevent information privacy incidents, and forensic tests are carried out to ensure readiness and capability to handle such incidents [5].

Changing file formats is also categorized as a privacy and forensics problem. Such modification makes the data in the file harder to identify and recover. Tools have been built to deal with cases such as users sending disguised documents over the internet [6].

Besides that, PDF files have been shown to be trackable by other users over the internet, provided the file has been connected to the internet. This enables privacy attacks on victims and makes it possible to retrieve earlier versions of a PDF file. Certain tools are designed to retrieve previous versions of a file and to display information that was not meant to be published, without the user's knowledge. Users worldwide should be made aware that this can happen to them over the internet. Awareness will help resolve this issue, in which users' privacy is invaded using just PDF files and the internet [7].

IV. PROPOSED SOLUTION

As privacy infringement grows rapidly over the years, many solutions can be devised in the privacy and forensics field. To address privacy infringement involving routers, methods such as traffic analysis and network proxies have been used, making it easier to investigate attacks on routers. To protect encrypted files from being accessed by others, methods such as the elimination of multiple passwords, or encryption, are used to protect the key.

To protect a personal computer from being invaded by anti-spyware software vendors, signature-based identification is used. Anti-spyware vendors have to pass through a signature database before they can distribute updated programs to users worldwide. To protect IP addresses from attack, honeypots together with anti-flooding mechanisms are used; these constantly change the machine's IP address to prevent phishers from attacking that specific address. This strengthens the defenses of both the IP address and the user.

A model of secret information concerning disclosure to a third party has been presented to prevent information leakage. This disclosure is known as NP-complete. An algorithm has been designed specifically to detect suspicious activity within the database and to prevent it from extracting vital information from the database.

To produce file system images for forensic teams investigating privacy matters related to images, a tool called Forensig has been created to address the indirect attack of obtaining information from second-hand hard disk drives. The tool is a useful alternative for analyzing second-hand hard disks; tests were performed at the University of Mannheim.

To identify file types in privacy-invading material, the File Header/Trailer (FHT) algorithm, the Multi Discriminant Analysis (MDA) algorithm and the Compound File Detection (CFD) algorithm are used. These algorithms can detect the file type even if the file has been changed or corrupted, which makes privacy forensics easier.

Besides that, to protect the privacy of a virtual disk, the Virtual Disk Encryption Tool has been designed to protect information from being extracted. This helps to verify the installation process, the runtime of the individual personal computer and the deletion of the Virtual Disk Encryption tool, which makes it easier for the digital forensic team to gather information and to investigate privacy infringement involving a virtual disk.

To spare investigators from repeatedly requesting permission for investigation purposes, a mechanism has been designed in which access for investigators depends on how sensitive the information is. Although this method increases complexity dramatically, only through it are investigators prevented from taking advantage of individuals' privacy.
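The header/trailer idea mentioned above can be shown with a short added example. This is a simplified illustration written for this page, not the FHT algorithm from the cited work; the signature table is a small subset of well-known magic values, and the function name, verdict labels and sample files are constructed.

```python
from pathlib import PurePath
from typing import NamedTuple

# (type, header magic, trailer magic, bytes from end to search, usual extensions)
SIGNATURES = [
    ("jpeg", b"\xff\xd8\xff", b"\xff\xd9", 2, {".jpg", ".jpeg"}),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 8, {".png"}),
    ("gif", b"GIF8", b"\x3b", 1, {".gif"}),
    ("pdf", b"%PDF-", b"%%EOF", 1024, {".pdf"}),
    # ZIP end-of-central-directory record: 22 bytes plus up to 65535 of comment
    ("zip", b"PK\x03\x04", b"PK\x05\x06", 22 + 65535,
     {".zip", ".docx", ".xlsx", ".pptx", ".jar"}),
]


class Finding(NamedTuple):
    detected: str     # type implied by the header, or "unknown"
    trailer_ok: bool  # expected trailer found near the end of the data
    verdict: str      # consistent | mismatch | damaged | unknown


def check_file(name: str, data: bytes) -> Finding:
    """Compare the content signature of `data` with the extension in `name`."""
    ext = PurePath(name).suffix.lower()
    for ftype, head, tail, window, exts in SIGNATURES:
        if not data.startswith(head):
            continue
        trailer_ok = tail in data[-window:]
        if ext not in exts:
            verdict = "mismatch"    # content type disagrees with the file name
        elif not trailer_ok:
            verdict = "damaged"     # header present, trailer missing (truncated?)
        else:
            verdict = "consistent"
        return Finding(ftype, trailer_ok, verdict)
    return Finding("unknown", False, "unknown")


# Constructed sample inputs: minimal byte strings, not real documents.
SAMPLES = {
    "notes.txt": b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9",
    "report.pdf": b"%PDF-1.4\n1 0 obj\n<< >>\nendobj\n",
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 25
                + b"\x00\x00\x00\x00IEND\xaeB`\x82",
    "letter.docx": b"PK\x03\x04" + b"\x00" * 26 + b"PK\x05\x06" + b"\x00" * 18,
    "readme.txt": b"plain text, no known signature\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12} {check_file(name, data)}")
```

A "mismatch" verdict marks a file whose content type disagrees with its name, and "damaged" marks one whose header is intact but whose trailer is missing.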


Other than that, to address privacy infringement through PDF files, AnalyzePDF and ModPDF have been used to prevent information from being retrieved by other individuals, even though there are claims that PDF files are secure in many ways. Many studies have shown defects in the PDF file format that make it prone to attack, so such tools are used to stop this from happening [14]. Constant online updates are also required to keep the program from being too prone to many kinds of attack.

V. ANALYSIS OF PROPOSED SOLUTIONS

Fundamentally, implementing network proxies and traffic analysis provides more help in analyzing network traffic and investigating router attacks and unauthorized breaches than other solutions. This is because traffic analysis is more structured and organized in helping forensic investigators verify the security levels between routers and firewalls. Thus, it helps to mitigate router attacks properly.

Encryption proves to be the latest, cutting-edge technology with which users can encrypt and decrypt their files and protect their privacy from tampering by unauthorized users. Compared with other methods on the current market, encryption together with the elimination of multiple passwords appears more secure, in that the authenticity and originality of files cannot easily be tampered with. Having them in place therefore enhances the privacy level and retains the originality of information by mitigating breaches.

With a signature database in place, one can be sure of overcoming anti-spyware vendor predicaments. This is because an anti-spyware vendor must pass through the signature database before it is allowed to distribute updated programs worldwide. This helps to prevent the distribution of unnecessary and irrelevant programs.

Honeypots are more capable of preventing and mitigating phishing attacks on a specific IP address than other technologies such as firewalls. This is because they create mirrored IP addresses by constantly changing the IP address, so that phishers attack them without knowing that they are mirrored addresses.

Other than that, NP-Complete operates on a unique algorithm to prevent unauthorized extraction of files from a secured database. This acts as a shield against fabrication or falsification of extracted files and is a well-organized solution compared with other solutions on the market.

Apart from that, to create file system images for forensic teams investigating privacy matters heavily related to images, a tool named Forensig has been created to decipher information obtained indirectly from second-hand hard disk drives. It works in various operating system environments, as compared to tools like Restoration and Recuva.

Algorithms such as the File Header/Trailer (FHT) algorithm, the Multi Discriminant Analysis (MDA) algorithm and the Compound File Detection (CFD) algorithm have been used to identify file types and to classify files as privacy-invading material. Another advantage of these algorithms is that they can help to distinguish the file even if it has been altered or corrupted, making privacy forensics easier in difficult cases.

Besides that, to protect the privacy of the virtual disk from tampering, the Virtual Disk Encryption Tool is uniquely designed to protect such information from being extracted, compared with other tools on the market. It helps in verifying the installation process, the runtime of the individual personal computer and the deletion of the Virtual Disk Encryption tool, which helps the digital forensic team gather information more easily and eventually investigate privacy infringement involving a virtual disk.

Similarly, a unique mechanism has been designed in which access for the respective investigators depends on how sensitive the information is. This proves to be an advantage over other tools on the market, in that the mechanism allows information to be accessed even when it is sensitive.

Last but not least, AnalyzePDF and ModPDF have been used to keep information from being retrieved by unauthorized parties, even though there are claims that PDF files are secure in many ways. Many studies have shown defects in the PDF file format that make it prone to attack, so such tools are used to stop this from happening. Stable online updates are also provided to fix and troubleshoot the program so that it is less prone to myriad attacks, as compared to other available solutions.
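The point made above about earlier PDF versions remaining retrievable can be checked before a file is released. The following added example (not from the paper, and not the code of AnalyzePDF or ModPDF) counts the saved revisions in a PDF and lists objects whose older bodies are still present; the function names and the sample document are constructed for illustration.

```python
import re

# Each save of a PDF ends with an %%EOF marker; an incremental save appends
# new objects and a new trailer (with /Prev) instead of rewriting the file.
EOF_RE = re.compile(rb"%%EOF[ \t]*(?:\r\n|\r|\n)?")
PREV_RE = re.compile(rb"/Prev\s+\d+")
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)


def split_revisions(pdf: bytes) -> list:
    """Return the file as it looked after each save, oldest first."""
    if not pdf.startswith(b"%PDF-"):
        raise ValueError("not a PDF")
    return [pdf[:m.end()] for m in EOF_RE.finditer(pdf)]


def superseded_objects(pdf: bytes) -> dict:
    """Map (object, generation) -> older bodies that a later save replaced."""
    seen = {}
    for m in OBJ_RE.finditer(pdf):
        key = (int(m.group(1)), int(m.group(2)))
        seen.setdefault(key, []).append(m.group(3).strip())
    return {k: v[:-1] for k, v in seen.items() if len(v) > 1}


def audit(pdf: bytes) -> dict:
    """Summarise what a recipient could recover beyond the visible version."""
    return {
        # Caveat: a linearized PDF also carries two %%EOF markers, so a count
        # above one is a reason to inspect the file, not proof of old content.
        "revisions": len(split_revisions(pdf)),
        "incremental_update": PREV_RE.search(pdf) is not None,
        "superseded": sorted(superseded_objects(pdf)),
    }


# Constructed sample: a two-save document with simplified xref sections
# (offsets and lengths are not real). Object 4 is replaced in the second save.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Length 40 >>\nstream\n"
    b"BT (Draft: internal codename ORCHID) Tj ET\nendstream\nendobj\n"
    b"xref\n0 5\ntrailer\n<< /Size 5 /Root 1 0 R >>\nstartxref\n0\n%%EOF\n"
    b"4 0 obj\n<< /Length 24 >>\nstream\n"
    b"BT (Final report) Tj ET\nendstream\nendobj\n"
    b"xref\n4 1\ntrailer\n<< /Size 5 /Root 1 0 R /Prev 0 >>\n"
    b"startxref\n0\n%%EOF\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE))
    for key, bodies in superseded_objects(SAMPLE).items():
        print(key, bodies[0][:60])
```

In the sample, the replaced draft text is still readable in the first revision even though a viewer shows only the final one.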


VI. CONCLUSION

In a nutshell, privacy and forensics have been around for a very long time and have influenced parties from different walks of life, whether organizations or individuals. There are many factors, technical and criminal, that can generate issues during an investigation. It is also true that proper security analysis could become easier to accomplish in the future. However, at this moment, even in the presence of a possible implementation, this possibility is fairly remote. As for future enhancements, careful consideration has been given based on various factors. First, low cost and security robustness make this approach a more attractive solution for privacy and security services compared to other existing security technologies. Second, user-friendliness plays a pivotal role in determining whether the privacy and security level is stable and intact.

REFERENCES
[1] Dario Forte, Advances in Onion Routing: Description and backtracing/investigation problems, Adj Faculty University of Milano at Crema, 2005
[2] Matthew Geiger and Lorrie Faith Cranor, An Evaluation of counter Privacy Forensics Tools, Carnegie Mellon University
[3] Martin Boldt and Bengt Carlsson, Analyzing Countermeasures Against Privacy-Invasive software, Blekinge Institute of Technology Sweden, 2006
[4] Giannakis Antoniou, Campbell Wilson and Dimitris Geneiatakis, PPINA A forensic investigation Protocol for Privacy Enhancing Technologies, Caulfield East Melbourne
[5] Patrick Stahlberg, Gerome Miklau, and Brian Neil Levine, Threats to Privacy in the Forensics Analysis of Database Systems, University of Massachusetts Amherst
[6] Sebastian Gajek and Ahmad-Reza Sadeghi, A forensic Framework for tracing Phishers, Ruhr University Bochum, Germany
[7] Charles W. Adams, Legal Issues Pertaining to the development of Digital Forensic Tools, University of Tulsa College of Law
[8] Stefan Bottcher, Rita Hartel, Matthias Kirschner, Detecting Suspicious Relational Database Queries, University of Paderborn, Germany
[9] Kamil Reddy and Hein Venter, A Forensic Framework for handling information privacy incidents, 2009
[10] Christian Moch and Felix C. Freiling, The forensic Image Generator Generator, Germany
[11] R. Dhanalakshmi and Dr. C. Chellappan, Detection and Recognition of File Masquerading for E-mail and Data Security, Chennai
[12] Sangjin Lee, Forensic Artifacts left by Virtual Disk Encryption Tools, Korea
[13] N.J. Croft and M.S. Olivier, Sequenced release of privacy-accurate information in a forensic investigation, University of Pretoria South Africa, 2007
[14] Aniello Castiglione, Alfredo De Santis, Claudio Soriente, Security and privacy issues in the Portable Document Format, Italy, 2008
