MS Olivier, "Forensics and Privacy-enhancing Technologies - Logging and Collecting Evidence in Flocks," in M Pollitt and S Shenoi (eds), Advances in Digital Forensics, Springer, 2005
Flocks is a Privacy-enhancing Technology used to hide the Web usage patterns of employees in an organisation against profiling or mere inspection by administrators and other officials. However, Flocks is intended to support identification of senders of malicious requests by means of a legitimate forensics investigation.
The purpose of the paper is twofold. Firstly, it formalises what should be logged for an appropriate forensics investigation. Secondly, exactly what evidence should be explored once a malicious request has been noticed, is considered. It is argued that (i) evidence that would have been collected about a malicious request if the PET were not used, should still be collected, and (ii) evidence that becomes visible by some legitimate means \emph{because} the PET is used, should be collected. However, information that has not become visible by such legitimate means, but is available because the PET is being used, should not be collected. In the latter case privacy concerns override the fact that a malicious request might be uncovered by investigating more logged information. These positions are defended and formalised using mathematical notation.
Privacy-enhancing Technologies (PETs), Logging, Evidence collection
@INPROCEEDINGS(flfor,
AUTHOR={Martin S Olivier},
TITLE={Forensics and Privacy-enhancing Technologies ---
Logging and Collecting Evidence in {F}locks},
PAGES={17--31},
BOOKTITLE={Advances in Digital Forensics},
EDITOR={Mark Pollitt and Sujeet Shenoi},
YEAR={2005},
PUBLISHER={Springer} )
The full text may be downloaded from http://mo.co.za/ask/flfor.pdf (PDF, 96K) (©IFIP).
Note that a username and password are required to download the full text. (Why?) Please e-mail me and I will send you a username and password.
[Publications]
[Home]
Page maintained by
Martin Olivier
Last update: 20 December 2005