Abstract
This paper expands upon the finite state machine approach for the formal analysis of digital evidence. The proposed method may be used to support the feasibility of a given statement by testing it against a relevant system model. To achieve this, a novel method for modeling the system and evidential statements is given. The method is then examined in a case study example.
Copyright information
© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
James, J., Gladyshev, P., Abdullah, M.T., Zhu, Y. (2010). Analysis of Evidence Using Formal Event Reconstruction. In: Goel, S. (eds) Digital Forensics and Cyber Crime. ICDF2C 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 31. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11534-9_9
DOI: https://doi.org/10.1007/978-3-642-11534-9_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11533-2
Online ISBN: 978-3-642-11534-9
eBook Packages: Computer Science, Computer Science (R0)