Analysis of Evidence Using Formal Event Reconstruction

  • Joshua James
  • Pavel Gladyshev
  • Mohd Taufik Abdullah
  • Yuandong Zhu
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 31)


This paper expands upon the finite state machine approach for the formal analysis of digital evidence. The proposed method may be used to support the feasibility of a given statement by testing it against a relevant system model. To achieve this, a novel method for modeling the system and evidential statements is given. The method is then examined in a case study example.


Digital Forensics Event Reconstruction State Machine Automata Evidence Modeling 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Arasteh, A.R., Debbabi, M., Sakha, A., Saleh, M.: Analyzing multiple logs for forensic evidence. Digital Investigation 4, 82–91 (2007)CrossRefGoogle Scholar
  2. 2.
    Carrier, B.D.: A Hypothesis-Based Approach to Digital Forensic Investigations. PhD Thesis, Purdue University, CERIAS, West Lafayette (2006)Google Scholar
  3. 3.
    Carrier, B.D., Spafford, E.H.: Categories of digital investigation analysis techniques based on the computer history model. Digital Investigation 3(1), 121–130 (2006)CrossRefGoogle Scholar
  4. 4.
    Gladyshev, P.: Finite State Machine Analysis of a Blackmail Investigation. Internationl Journal of Digital Evidence 4(1), 1–13 (2005)Google Scholar
  5. 5.
    Gladyshev, P.: Formalising Event Reconstruction in Digital Investigations. State Machine Theory of Digital Forensic Analysis (August 2004), (retrieved January 12, 2009)
  6. 6.
    Gladyshev, P., Patel, A.: Finite State Machine Approach to Digital Event Reconstruction. Digital Investigation, 130–149 (2004)Google Scholar
  7. 7.
    Kozen, D.C.: Automata and Computability. In: Gries, D., Schneider, F. (eds.). Springer Science + Business Media, LLC, New York (1997)Google Scholar
  8. 8.
    Rekhis, S.: Theoretical Aspects of Digital Investigation of Security Incidents. The Communication Network and Security (CN&S) research Laboratory. Carthage: CN&S Research Lab (2008)Google Scholar
  9. 9.
    Stallard, T., Levitt, K.: Automated analysis for digital forensic science: Semantic integrity checking. In: 19th Annual Computer Security Applications Conference, Las Vegas (2003)Google Scholar
  10. 10.
    Warren, D.S.: Regular Expressions. Finite State Machines (July 31, 1999), (retrieved February 17, 2009)
  11. 11.
    Willassen, S.: Hypothesis-Based Investigation of Digital Timestamps. In: Ray, I., Shenoi, S. (eds.) IFIP International Federation for Information Processing. Advances in Digital Forensics IV, vol. 285, pp. 75–86 (2008)Google Scholar

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2010

Authors and Affiliations

  • Joshua James
    • 1
  • Pavel Gladyshev
    • 1
  • Mohd Taufik Abdullah
    • 2
  • Yuandong Zhu
    • 1
  1. 1.Centre for Cybercrime InvestigationUniversity College DublinDublinIreland
  2. 2.Department of Computer Science Faculty of Computer Science and Information TechnologyPutra University of MalaysiaSerdangMalaysia

Personalised recommendations