Applying Forensic Science to Trusted Enterprise Network
draft-mitchell-nwg-00
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Author | Leighton Mitchell | ||
| Last updated | 2010-01-26 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
The Trusted Platform Module, for the past decade, has shown potential to improve computer security. However, there is growing concerns that the Trusted Platform Module, and its related technologies might be challenging for Forensic Investigators to acquire and analyze certain digital evidence. For example, if the key evidence is encrypted, and cryptographically bound to a set of platform characteristics, then those characteristics must exist on the platform (that is being used to decrypt the evidence) before the evidence can be decrypted. As a result, it is believed that if a suspect cryptographically bound the evidence to the platform characteristics, and those characteristics in some way got changed, then it might not be possible to decrypt the potential evidence. For this reason, we explored how Trusted Platform Module and its related technologies might support digital forensic analysis within a trusted enterprise network.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)