Hash Tree-Based Device Fingerprinting Technique for Network Forensic Investigation

Forensic investigation of cybercrimes in ecommerce and banking portals is becoming increasingly difficult due to the inability of existing Internet protocols, to collect the necessary information as digital evidences. Present tools for investigation on Internet protocols tracks the attackers up to the ISP, only and the actual attacker’s location and machine may be tracked based on the information of ISP which is not primary evidence and also not acceptable evidence. According to the Indian Evidence Act Section 62 and also others, international act for evidence says, primary evidences are most superior class of evidences and admissible and acceptable at first place. This is only possible, if investigator proves that attacks have been occurred by using the device and evidence should prove that it has been happened by using the investigated device. Our proposed device fingerprinting technique uses the concept of hash tree and generates the device fingerprints which can be used as forensically sound evidence. In disputes, which has been caused by external attacks or the denial of client and business provider will be solved by analyzing the fingerprint collected in the form of digital evidence with every transaction. The fingerprint generated by the proposed system has all the characteristics stipulated by the court of law.