Finding the Evidence in Tamper-Evident Logs

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Daniel Sandler Articles by Kyle Derr Articles by Scott Crosby Articles by Dan S. Wallach

2008 Third International Workshop on Systematic Approaches to Digital Forensic Engineering

May 22-May 22

ISBN: 978-0-7695-3171-7

	ASCII Text	x
	Daniel Sandler, Kyle Derr, Scott Crosby, Dan S. Wallach, "Finding the Evidence in Tamper-Evident Logs," Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on, pp. 69-75, 2008 Third International Workshop on Systematic Approaches to Digital Forensic Engineering, 2008.

	BibTex	x
	@article{ 10.1109/SADFE.2008.22, author = {Daniel Sandler and Kyle Derr and Scott Crosby and Dan S. Wallach}, title = {Finding the Evidence in Tamper-Evident Logs}, journal ={Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3171-7}, pages = {69-75}, doi = {http://doi.ieeecomputersociety.org/10.1109/SADFE.2008.22}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on TI - Finding the Evidence in Tamper-Evident Logs SN - 978-0-7695-3171-7 SP69 EP75 A1 - Daniel Sandler, A1 - Kyle Derr, A1 - Scott Crosby, A1 - Dan S. Wallach, PY - 2008 KW - tamper evidence KW - secure logs KW - hash chaining KW - predicate logic KW - query processing VL - 0 JA - Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on ER -

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SADFE.2008.22

Secure logs are powerful tools for building systems that must resist forgery, prove temporal relationships, and stand up to forensic scrutiny. The proofs of order and integrity encoded in these tamper-evident chronological records, typically built using hash chaining, may be used by applications to enforce operating constraints or sound alarms at suspicious activity. However, existing research stops short of discussing how one might go about automatically determining whether a given secure log satisfies a given set of constraints on its records. In this paper, we discuss our work on Querifier, a tool that accomplishes this. It can be used offline as an analyzer for static logs, or online during the runtime of a logging application. Querifier rules are written in a flexible pattern-matching language that adapts to arbitrary log structures; given a set of rules and available log data, Querifier presents evidence of correctness and offers counter examples if desired. We describe Querifier's implementation and offer early performance results.

Index Terms:

tamper evidence, secure logs, hash chaining, predicate logic, query processing

Citation:

Daniel Sandler, Kyle Derr, Scott Crosby, Dan S. Wallach, "Finding the Evidence in Tamper-Evident Logs," sadfe, pp.69-75, 2008 Third International Workshop on Systematic Approaches to Digital Forensic Engineering, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.