Analysis of Evidence Using Formal Event Reconstruction

  • Conference paper

Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 31)

Abstract

This paper expands upon the finite state machine approach for the formal analysis of digital evidence. The proposed method may be used to support the feasibility of a given statement by testing it against a relevant system model. To achieve this, a novel method for modeling the system and evidential statements is given. The method is then examined in a case study example.

Keywords

  • Digital Forensics
  • Event
  • Reconstruction
  • State Machine
  • Automata
  • Evidence Modeling

  • DOI: 10.1007/978-3-642-11534-9_9
  • Chapter length: 14 pages

Copyright information

© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

James, J., Gladyshev, P., Abdullah, M.T., Zhu, Y. (2010). Analysis of Evidence Using Formal Event Reconstruction. In: Goel, S. (eds) Digital Forensics and Cyber Crime. ICDF2C 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 31. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11534-9_9

  • DOI: https://doi.org/10.1007/978-3-642-11534-9_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11533-2

  • Online ISBN: 978-3-642-11534-9

  • eBook Packages: Computer Science (R0)