Skip to main content
Book cover

International Conference on Digital Forensics and Cyber Crime

ICDF2C 2009: Digital Forensics and Cyber Crime pp 85–98Cite as

Analysis of Evidence Using Formal Event Reconstruction

  • Conference paper

Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST,volume 31)

Abstract

This paper expands upon the finite state machine approach for the formal analysis of digital evidence. The proposed method may be used to support the feasibility of a given statement by testing it against a relevant system model. To achieve this, a novel method for modeling the system and evidential statements is given. The method is then examined in a case study example.

Keywords

  • Digital Forensics
  • Event
  • Reconstruction
  • State Machine
  • Automata
  • Evidence Modeling

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-642-11534-9_9
  • Chapter length: 14 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   74.99
Price excludes VAT (USA)
  • ISBN: 978-3-642-11534-9
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   99.00
Price excludes VAT (USA)
Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Arasteh, A.R., Debbabi, M., Sakha, A., Saleh, M.: Analyzing multiple logs for forensic evidence. Digital Investigation 4, 82–91 (2007)

    CrossRef  Google Scholar 

  2. Carrier, B.D.: A Hypothesis-Based Approach to Digital Forensic Investigations. PhD Thesis, Purdue University, CERIAS, West Lafayette (2006)

    Google Scholar 

  3. Carrier, B.D., Spafford, E.H.: Categories of digital investigation analysis techniques based on the computer history model. Digital Investigation 3(1), 121–130 (2006)

    CrossRef  Google Scholar 

  4. Gladyshev, P.: Finite State Machine Analysis of a Blackmail Investigation. Internationl Journal of Digital Evidence 4(1), 1–13 (2005)

    Google Scholar 

  5. Gladyshev, P.: Formalising Event Reconstruction in Digital Investigations. State Machine Theory of Digital Forensic Analysis (August 2004), http://formalforensics.org/publications/thesis/index.html (retrieved January 12, 2009)

  6. Gladyshev, P., Patel, A.: Finite State Machine Approach to Digital Event Reconstruction. Digital Investigation, 130–149 (2004)

    Google Scholar 

  7. Kozen, D.C.: Automata and Computability. In: Gries, D., Schneider, F. (eds.). Springer Science + Business Media, LLC, New York (1997)

    Google Scholar 

  8. Rekhis, S.: Theoretical Aspects of Digital Investigation of Security Incidents. The Communication Network and Security (CN&S) research Laboratory. Carthage: CN&S Research Lab (2008)

    Google Scholar 

  9. Stallard, T., Levitt, K.: Automated analysis for digital forensic science: Semantic integrity checking. In: 19th Annual Computer Security Applications Conference, Las Vegas (2003)

    Google Scholar 

  10. Warren, D.S.: Regular Expressions. Finite State Machines (July 31, 1999), http://www.cs.sunysb.edu/~warren/xsbbook/node39.html (retrieved February 17, 2009)

  11. Willassen, S.: Hypothesis-Based Investigation of Digital Timestamps. In: Ray, I., Shenoi, S. (eds.) IFIP International Federation for Information Processing. Advances in Digital Forensics IV, vol. 285, pp. 75–86 (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Centre for Cybercrime Investigation, University College Dublin, Belfield, Dublin, 4, Ireland

    Joshua James, Pavel Gladyshev & Yuandong Zhu

  2. Department of Computer Science Faculty of Computer Science and Information Technology, Putra University of Malaysia, 43400, Serdang, Selangor, Malaysia

    Mohd Taufik Abdullah

Authors
  1. Joshua James
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pavel Gladyshev
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mohd Taufik Abdullah
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yuandong Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. SUNY, School of Business, University of Albany, NY 12222, Albany, USA

    Sanjay Goel

Rights and permissions

Reprints and Permissions

Copyright information

© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

James, J., Gladyshev, P., Abdullah, M.T., Zhu, Y. (2010). Analysis of Evidence Using Formal Event Reconstruction. In: Goel, S. (eds) Digital Forensics and Cyber Crime. ICDF2C 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 31. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11534-9_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-11534-9_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11533-2

  • Online ISBN: 978-3-642-11534-9

  • eBook Packages: Computer ScienceComputer Science (R0)