
Digital Forensics Evidence Analysis: An Answer Set Programming Approach for Generating Investigation Hypotheses

  • Conference paper
Logic Programming and Nonmonotonic Reasoning (LPNMR 2015)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 9345)

Abstract

The results of the evidence analysis phase in Digital Forensics (DF) provide objective data which, however, require further elaboration by the investigators: they must contextualize the analysis results within an investigative environment so as to provide possible hypotheses that can be proposed as proofs in court, to be evaluated by lawyers and judges. The aim of our research has been to explore the applicability of Answer Set Programming (ASP) to the automation of evidence analysis. This brings many advantages, among them that of making the different possible investigative hypotheses explicit, whereas different human experts working on the case often devise and select discordant interpretations, relying on intuition. Very complex investigations for which human experts can hardly find solutions turn out in fact to be reducible to optimization problems in classes P or NP or not far beyond, which can thus be expressed in ASP. As a proof of concept, in this paper we present the formulation of some real investigative cases via simple ASP programs, and discuss how this leads to the formulation of concrete investigative hypotheses.

Notes

  1. The Police branch of the Italian Army, http://www.carabinieri.it.

  2. Master File Table: structured block table containing the attributes of all files in the volume of NTFS file systems, which are those used in Windows operating systems.

  3. As mentioned, known.met is a file of the widely-used eMule file-exchange application that stores the statistics of all files that the software shared, all files present in the download list and downloaded in the past.

  4. For lack of space we cannot provide the pertinent bibliography: please refer to [9] and to the references therein.

References

  1. Casey, E.: Handbook of Digital Forensics and Investigation. Elsevier, California (2009)

  2. Casey, E.: Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet. Elsevier, London (2011). books.google.com

  3. Gelfond, M., Lifschitz, V.: The stable model semantics for logic programming. In: Kowalski, R., Bowen, K. (eds.) Proceedings of the 5th International Conference and Symposium on Logic Programming, pp. 1070–1080. MIT Press (1988)

  4. Gelfond, M., Lifschitz, V.: Classical negation in logic programs and disjunctive databases. New Gener. Comput. 9, 365–385 (1991)

  5. Baral, C.: Knowledge Representation, Reasoning and Declarative Problem Solving. Cambridge University Press, Cambridge (2003)

  6. Leone, N.: Logic programming and nonmonotonic reasoning: from theory to systems and applications. In: Baral, C., Brewka, G., Schlipf, J. (eds.) LPNMR 2007. LNCS (LNAI), vol. 4483, p. 1. Springer, Heidelberg (2007)

  7. Truszczyński, M.: Logic programming for knowledge representation. In: Dahl, V., Niemelä, I. (eds.) ICLP 2007. LNCS, vol. 4670, pp. 76–88. Springer, Heidelberg (2007)

  8. Costantini, S., De Gasperis, G., Olivieri, R.: How answer set programming can help in digital forensic investigation. In: Ancona, D., Maratea, M., Mascardi, V. (eds.) 30th Convegno Italiano di Logica Computazionale (Italian Conference on Computational Logic), CILC2015, Proceedings, University of Genova (2015). To appear on CEUR Workshop Proceedings. http://cilc2015.dibris.unige.it

  9. Cabalar, P.: Causal logic programming. In: Erdem, E., Lee, J., Lierler, Y., Pearce, D. (eds.) Correct Reasoning. LNCS, vol. 7265, pp. 102–116. Springer, Heidelberg (2012)

Corresponding author

Correspondence to Stefania Costantini.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Costantini, S., De Gasperis, G., Olivieri, R. (2015). Digital Forensics Evidence Analysis: An Answer Set Programming Approach for Generating Investigation Hypotheses. In: Calimeri, F., Ianni, G., Truszczynski, M. (eds) Logic Programming and Nonmonotonic Reasoning. LPNMR 2015. Lecture Notes in Computer Science, vol 9345. Springer, Cham. https://doi.org/10.1007/978-3-319-23264-5_21

  • DOI: https://doi.org/10.1007/978-3-319-23264-5_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23263-8

  • Online ISBN: 978-3-319-23264-5

  • eBook Packages: Computer Science, Computer Science (R0)
