Fraud and Security

Posted on 2009-02-12
Last Modified: 2012-05-06
Hey guys,

I wish to know if there is a way to find out if a file i have received via email or other means
is the original file or if that file has been changed.

I'll explain the scenario:
A user using a platform i work with send me the client logs of that platform,
I suspect that user tempered with the log file he sent me.
I wish to know if the file has been edited or what was the data before.
I would even settle for all the time stamps of the file.

Question by:fiktivo
    LVL 4

    Expert Comment

    What kind of "platform" are you talking about? What application generated the log file?

    Also, what format is the log file you received? Is it a text file? XML? zip?


    Expert Comment

    Any electronic file can be altered without you knowing about. When I say any, I mean ANY.  It's pure physics. This of course depends on the knowledge of the person modifying the original file.  If you don't know what you are doing, you can leave electronic finger prints which can easily be seen.  Like you said, you could check the time stamp.  But of course the time stamp can be easily modified by back setting the system clock.

    The best method is to store your original file in a format that the end user cant easily modify like encrypting it. You could also run a CRC on the original file and have the end user send you both, the CRC and the original file.  If the CRC that they send you does not match, you know its been modified.

    If you cant modify the original system and dont have access to it, you can use a social engineering technique.   Have your end user send you the original file.  Wait a set amount of time and make up some excuse to have them send it to you again.  They will most likely not have kept the original file and thus wont be able to reproduce it, at least not exactly.  You can then compare the two to see if they are the same.  
    LVL 60

    Accepted Solution

    I will say that you can consider the following:
    a) Send S/MIME email (with encryption and signature) for data confidentiality and integrity. It will not be easy to tamper with the email as well as the attachment. This support is already available in outlook or if not try out OpenPGP  

    b) Simply, create a signature for the file (target) with a know preshared password (deter easy tampering),  e.g. creating HMAC-SHA1. You can use the HashCalc ( to create this signature.

    c) If you preferred even simpler approach using just a hash (like CRC but stronger 'mixing' algorithm), you may like to send out the hash through out of band channel (maybe SMS). So that the file and hash does not co-exist as it is susceptible to tampering. If not the hash need to be protected, like the case mentioned in (a) or (b)    

    Overall, the hash created can be used to detect the target changes.

    Hope it helps

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    The way I use Experts Exchange to assist me in analyzing and diagnosing a problem is I first enter a Verbose Question at Experts Exchange like: Office 2007 will hang when opening and saving files I then launch WordPad (any text editor will do) an…
    The foremost challenge encountered by an investigator at the very beginning of a forensics investigation is, accessing a file/data to read/view its contents. Owing to the fact, a platform is necessary for both; opening as well as examining any file.…
    In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now