
Fraud and Security

Last Modified: 2012-05-06
Hey guys,

I wish to know if there is a way to find out if a file I have received via email or other means
is the original file or if that file has been changed.

I'll explain the scenario:
A user using a platform I work with sent me the client logs of that platform.
I suspect that user tampered with the log file he sent me.
I wish to know if the file has been edited or what the data was before.
I would even settle for all the time stamps of the file.

Thanks

What kind of "platform" are you talking about? What application generated the log file?

Also, what format is the log file you received? Is it a text file? XML? zip?


Any electronic file can be altered without you knowing about it. When I say any, I mean ANY. It's pure physics. This of course depends on the knowledge of the person modifying the original file. If you don't know what you are doing, you can leave electronic fingerprints which can easily be seen. Like you said, you could check the time stamp. But of course the time stamp can be easily modified by back-setting the system clock.

The best method is to store your original file in a format that the end user can't easily modify, like encrypting it. You could also run a CRC on the original file and have the end user send you both the CRC and the original file. If the CRC that they send you does not match, you know it's been modified.

If you can't modify the original system and don't have access to it, you can use a social engineering technique. Have your end user send you the original file. Wait a set amount of time and make up some excuse to have them send it to you again. They will most likely not have kept the original file and thus won't be able to reproduce it, at least not exactly. You can then compare the two to see if they are the same.
Exec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
I will say that you can consider the following:
a) Send S/MIME email (with encryption and signature) for data confidentiality and integrity. It will not be easy to tamper with the email or the attachment. This support is already available in Outlook; if not, try out OpenPGP.

b) Simply create a signature for the file (target) with a known pre-shared password (to deter easy tampering), e.g. creating an HMAC-SHA1. You can use HashCalc (http://3d2f.com/programs/22-623-hashcalc-download.shtml) to create this signature.

c) If you prefer an even simpler approach using just a hash (like a CRC but with a stronger 'mixing' algorithm), you may like to send out the hash through an out-of-band channel (maybe SMS), so that the file and hash do not co-exist, as that is susceptible to tampering. If not, the hash needs to be protected, as in the cases mentioned in (a) or (b).

Overall, the hash created can be used to detect the target changes.

Hope it helps
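
An added example, not part of the original thread, for options (b) and (c) above: it checks a received log against a CRC32, a plain SHA-256 and an HMAC, and shows that checksums travelling with the file still match after an edit because they can be recomputed, while the HMAC does not. Assumptions: the key and the sample log are constructed, the key is held only by the system that writes the log and by the recipient, and SHA-256 is the default digest instead of the HMAC-SHA1 named in the post.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-demo-key"  # constructed pre-shared secret, never sent with the file
ORIGINAL = (  # constructed sample log
    b"2012-05-01 10:00:01 login ok user=alice\n"
    b"2012-05-01 10:02:17 transfer failed code=17\n"
)

def crc32_hex(data: bytes) -> str:
    return format(zlib.crc32(data) & 0xFFFFFFFF, "08x")

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def file_tag(data: bytes, key: bytes, digest: str = "sha256") -> str:
    """Keyed tag over the file contents; pass digest='sha1' for HMAC-SHA1."""
    return hmac.new(key, data, digest).hexdigest()

def verify_tag(data: bytes, key: bytes, tag_hex: str, digest: str = "sha256") -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(file_tag(data, key, digest), tag_hex.strip().lower())

def check_bundle(data: bytes, crc_hex: str, sha_hex: str, tag_hex: str, key: bytes) -> dict:
    """Verify a received file against each integrity value that came with it."""
    return {
        "crc32": crc32_hex(data) == crc_hex,
        "sha256": hmac.compare_digest(sha256_hex(data), sha_hex),
        "hmac": verify_tag(data, key, tag_hex),
    }

def demo():
    # Values produced where the log is written, by the party holding KEY.
    crc, sha, tag = crc32_hex(ORIGINAL), sha256_hex(ORIGINAL), file_tag(ORIGINAL, KEY)
    intact = check_bundle(ORIGINAL, crc, sha, tag, KEY)

    # The file is edited after the fact. Unkeyed values can be recomputed to
    # match the new contents; the HMAC cannot, so the original tag is all
    # that can accompany the edited file.
    edited = ORIGINAL.replace(b"failed code=17", b"ok")
    forged = (crc32_hex(edited), sha256_hex(edited), tag)
    tampered = check_bundle(edited, *forged, KEY)
    return intact, tampered

if __name__ == "__main__":
    for label, result in zip(("intact", "tampered"), demo()):
        print(label, result)
```

A plain hash gives the same assurance as the HMAC only when it reaches the recipient over a channel the file's sender cannot touch, which is the out-of-band delivery described in (c).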
