Evaluating tamper resistance of digital forensic artifacts during event reconstruction

Event reconstruction is a fundamental part of the digital forensic process, helping to answer key questions like who, what, when, and how. A common way of accomplishing that is to use tools to create timelines, which are then analyzed. However, various challenges exist, such as large volumes of data or contamination. While prior research has focused on simplifying timelines, less attention has been given to tampering, i.e., the deliberate manipulation of evidence, which can lead to errors in interpretation. This article addresses the issue by proposing a framework to assess the relative tamper resistance of different data sources used in event reconstruction. We discuss factors affecting data resilience, introduce a scoring system for evaluation, and illustrate its application with case studies. This work aims to improve the reliability of forensic event reconstruction by considering tamper resistance.

Metadaten
Author:	Céline Vanini, Chris Hargreaves, Frank Breitinger ORCiD GND
URN:	urn:nbn:de:bvb:384-opus4-1249616
Frontdoor URL	https://opus.bibliothek.uni-augsburg.de/opus4/124961
ISSN:	2576-5337OPAC
Parent Title (English):	Digital Threats: Research and Practice
Publisher:	Association for Computing Machinery (ACM)
Place of publication:	New York, NY
Type:	Article
Language:	English
Year of first Publication:	2025
Publishing Institution:	Universität Augsburg
Release Date:	2025/09/09
Volume:	6
Issue:	4
First Page:	29
DOI:	https://doi.org/10.1145/3765627
Institutes:	Fakultät für Angewandte Informatik
	Fakultät für Angewandte Informatik / Institut für Informatik
	Fakultät für Angewandte Informatik / Institut für Informatik / Lehrstuhl für Cybersicherheit
Dewey Decimal Classification:	0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 004 Datenverarbeitung; Informatik
Licence (German):	CC-BY-SA 4.0: Creative Commons: Namensnennung - Weitergabe unter gleichen Bedingungen

Open Access