?
Solved

Fraud and Security

Posted on 2009-02-12
3
Medium Priority
?
268 Views
Last Modified: 2012-05-06
Hey guys,

I wish to know if there is a way to find out if a file i have received via email or other means
is the original file or if that file has been changed.

I'll explain the scenario:
A user using a platform i work with send me the client logs of that platform,
I suspect that user tempered with the log file he sent me.
I wish to know if the file has been edited or what was the data before.
I would even settle for all the time stamps of the file.

thanks
0
Comment
Question by:fiktivo
3 Comments
 
LVL 4

Expert Comment

by:MalleusMaleficarum
ID: 23629659
What kind of "platform" are you talking about? What application generated the log file?

Also, what format is the log file you received? Is it a text file? XML? zip?


0
 

Expert Comment

by:TheSaint777
ID: 23635047
Any electronic file can be altered without you knowing about. When I say any, I mean ANY.  It's pure physics. This of course depends on the knowledge of the person modifying the original file.  If you don't know what you are doing, you can leave electronic finger prints which can easily be seen.  Like you said, you could check the time stamp.  But of course the time stamp can be easily modified by back setting the system clock.

The best method is to store your original file in a format that the end user cant easily modify like encrypting it. You could also run a CRC on the original file and have the end user send you both, the CRC and the original file.  If the CRC that they send you does not match, you know its been modified.

If you cant modify the original system and dont have access to it, you can use a social engineering technique.   Have your end user send you the original file.  Wait a set amount of time and make up some excuse to have them send it to you again.  They will most likely not have kept the original file and thus wont be able to reproduce it, at least not exactly.  You can then compare the two to see if they are the same.  
0
 
LVL 65

Accepted Solution

by:
btan earned 1500 total points
ID: 23679442
I will say that you can consider the following:
a) Send S/MIME email (with encryption and signature) for data confidentiality and integrity. It will not be easy to tamper with the email as well as the attachment. This support is already available in outlook or if not try out OpenPGP  

b) Simply, create a signature for the file (target) with a know preshared password (deter easy tampering),  e.g. creating HMAC-SHA1. You can use the HashCalc (http://3d2f.com/programs/22-623-hashcalc-download.shtml) to create this signature.

c) If you preferred even simpler approach using just a hash (like CRC but stronger 'mixing' algorithm), you may like to send out the hash through out of band channel (maybe SMS). So that the file and hash does not co-exist as it is susceptible to tampering. If not the hash need to be protected, like the case mentioned in (a) or (b)    

Overall, the hash created can be used to detect the target changes.

Hope it helps
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The way I use Experts Exchange to assist me in analyzing and diagnosing a problem is I first enter a Verbose Question at Experts Exchange like: Office 2007 will hang when opening and saving files I then launch WordPad (any text editor will do) an…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question