Secure and Trusted Environment as a Strategy to Maintain the Integrity and Authenticity of Digital Evidence

Abstract

The authenticity and the integrity of digital evidence are critical issues in digital forensics activities. Both aspects are directly related to the application of The Locard Exchange Principle (LEP), which is a basic principle of the existence of evidence in an event. This principle, not only applies before and at the time the event occurs, but also applies to the investigation process. In the handling of digital evidence, all activities to access the digital evidence are not likely to occur without the mediation of a set of instruments or applications, whereas every application is made possible for the existence of bugs. In addition, the presence of illegal access to the system, malicious software as well as vulnerabilities of a computer system are a number of potential problems that can have an impact on the change in the authenticity and the integrity of digital evidence. If this is the case, secure and trust characteristics that should appear in the activity of digital forensics may be reduced. This paper tries to discuss how the concept of a secure and trusted environment can be applied to maintain the authenticity and integrity of digital evidence. The proposed concept includes the unity of five components, namely standard and forensics policy, security policy, model and trusted management system, trusted computing, secure channel communication, and human factor. The ultimate purpose of this paper is to provide an overview of how the recommendation can be applied to meet the requirements of a secure and trusted environment in digital forensics for keeping the authenticity and the integrity of digital evidence. In general, this paper tends to explain a high-level concept and does not discuss low-level implementation of a secure and trusted environment.