Software issues in digital forensics


Bibliographic details
Main authors: McDonald, J. Todd; Kim, Yong C.; Yasinsac, Alec
Format: Conference proceedings
Language: eng
Online access: Full text
Description
Summary: Whether we accept it or not, computer systems and the operating systems that direct them are at the heart of major forms of malicious activity. Criminals can use computers as the actual target of their malicious activity (stealing funds electronically from a bank) or use them to support the conduct of criminal activity in general (using a spreadsheet to track drug shipments). In either case, law enforcement needs the ability (when required) to collect evidence from such platforms in a reliable manner that preserves the fingerprints of criminal activity. Though such discussion touches on privacy issues and rules of legal veracity, we focus purely on technological support in this paper. Specifically, we examine and set forth principles of operating system (OS) design that may significantly increase the success of (future) forensic collection efforts. We lay out several OS design attributes that synergistically enhance forensics activities. Specifically, we pose the use of circuit encryption techniques to provide an additional layer of protection above hardware-enforced approaches. We conclude by providing an overarching framework to incorporate these enhancements within the context of OS design.
ISSN: 0163-5980
DOI: 10.1145/1368506.1368512