Application of Message Digests for the Verification of Logical Forensic Data
Mokhonoana and Olivier
2008
Citation information
P. M. Mokhonoana and
M. S. Olivier. “Application of Message Digests for the Verification of Logical
Forensic Data”. In: Proceedings of the ISSA 2008 Innovative Minds Conference.
Ed. by H. S. Venter, M. M. Eloff, J. H. P. Eloff, and L. Labuschagne. (Published
electronically). Johannesburg, South Africa, July 2008 
Abstract
A message digest is a fixed length output produced by applying a cryptographic algorithm on input binary data of arbitrary length. If the input data changes even by one bit, the generated message digest will be completely different from the original. This is used in digital investigations to verify that stored digital evidence has not been tampered with.
This technique has been applied successfully on physical disk images because there is only one continuous stream of data. However, this is not applicable to logical disk images where there is no obvious or standard method of concatenating the data to produce an output message digest. This paper describes the diffculties that complicate the computation of a message digest for logical data. In addition, a candidate process for calculating a verification value for computer forensic evidence for logical data, regardless of its underlying representation is given. This method is presented in the context of cellphone forensics.
Full text
A pre- or postprint of the
publication is available at https://mo.co.za/open/logicaldata.pdf. 
BibTeX
reference
@inproceedings(logicaldata,author={Pontjho M Mokhonoana and Martin S Olivier},
title={Application of Message Digests for the Verification of Logical Forensic Data},
booktitle={Proceedings of the ISSA 2008 Innovative Minds Conference},
editor={Hein S Venter and Mariki M Eloff and Jan H P Eloff and Les Labuschagne},
address={Johannesburg, South Africa},
month=jul,
year={2008},
note={(Published electronically)} )