Andrea Geuna
Integration of Trusted Execution Environments and Digital Forensics for the Secure Preservation and Analysis of Digital Evidence.
Rel. Andrea Atzeni, Grazia D'Onghia. Politecnico di Torino, Master of science program in Cybersecurity, 2026
|
Preview |
PDF (Tesi_di_laurea)
- Thesis
Licence: Creative Commons Attribution Non-commercial No Derivatives. Download (2MB) | Preview |
![[thumbnail of Documenti_allegati]](https://webthesis.biblio.polito.it/style/images/fileicons/application_zip.png "Documenti_allegati")
|
Archive (ZIP) (Documenti_allegati)
- Other
Licence: Creative Commons Attribution Non-commercial No Derivatives. Download (184kB) |
Abstract
The traditional digital forensics tools, such as The Sleuth Kit(TSK), Autopsy and EnCase, are executed as normal processes in the user space, and they rely on the Operating System(OS) to access the disk and manage the memory. A compromised system could silently alter file content, forge metadata, or delete evidence during analysis, thereby compromising the integrity of the entire chain of custody. This thesis examines the integration of Intel Software Guard Extensions (SGX) with forensics analysis of disk images to address these limitations. The result is a framework that executes the SHA-256 hash calculation, maintains a tamper-evident record of the evidence through a cryptographic hash chain, and performs an ECDSA signature entirely within an SGX enclave.
The framework supports two modes of analysis: a standard mode that uses TSK for broad filesystem compatibility, and a secure mode that analyses only FAT32 images entirely within the enclave to provide robust guarantees
Relators
Academic year
Publication type
Number of Pages
Course of studies
Classe di laurea
Aziende collaboratrici
URI
 |
Modify record (reserved for operators) |
