Bibliographic Details
| Title: |
Development of a secure storage architecture for digital evidence |
| Authors: |
Ларченко, Марина Олександрівна |
| Source: |
Technology audit and production reserves; Vol. 3 No. 2(83) (2025): Information and control systems; 33-43 ; 2706-5448 ; 2664-9969 |
| Publisher Information: |
TECHNOLOGY CENTER PC® |
| Publication Year: |
2025 |
| Collection: |
Scientific Periodicals of Ukraine (Ukrainian Research and Academic Network) / Наукова періодика України |
| Subject Terms: |
digital forensics, memory dumps, cryptographic protection, cross-platform Python script, file system containers, “read-only” mode |
| Description: |
The object of the study is the process of generating, transmitting, and storing memory dumps within digital forensics. The problem being addressed is the insufficient security of existing methods of transmitting and storing digital evidence, which can lead to its compromise, loss of authenticity, and inadmissibility in court proceedings. As a result of the research, an architecture for secure storage of digital evidence was developed, providing protection at the stages of acquisition, transportation, storage, and further analysis of memory dumps. A cross-platform Python script for automated memory dump acquisition was proposed, as well as a mechanism for secure transportation of evidence using cryptographic protection through the SCP protocol and authentication. The effectiveness of the combined use of SSH encryption, creation of file system containers in “read-only” mode, mandatory logging of all actions with digital evidence, and an integrated hash-checking mechanism for data integrity verification was demonstrated. The effectiveness of the proposed approach was assessed based on process modeling in a test environment. In particular, the collected memory dumps were transferred by a custom Python script through a “safe corridor” from the Kali Linux virtual machine to the Caine virtual machine, into the created container in “read-only” mode. The integrity of the files after transportation and storage was checked by comparing hash sums. A distinctive feature of the proposed model is a comprehensive approach to digital evidence protection, combining technical and organizational measures to ensure the authenticity and integrity of data. This allows solving the problem of compromising digital evidence and guarantees its judicial admissibility. The results obtained are explained by the implementation of cryptographic methods and compliance with digital forensics standards.
The proposed methodology can be used in the practice of law enforcement agencies, forensic experts, as well as in the ... |
| Document Type: |
article in journal/newspaper |
| File Description: |
application/pdf |
| Language: |
English |
| Relation: |
https://journals.uran.ua/tarp/article/view/329386/319628; https://journals.uran.ua/tarp/article/view/329386 |
| Availability: |
https://journals.uran.ua/tarp/article/view/329386 |
| Rights: |
Copyright (c) 2025 Maryna Larchenko ; http://creativecommons.org/licenses/by/4.0 |
| Accession Number: |
edsbas.DFFF0BD2 |
| Database: |
BASE |