Abstract
Research in computer and network forensic investigation has recently addressed the development of procedural guidelines, technical documents, and semi-automation tools. It has, however, overlooked the need for formal proof. This work provides a novel approach that formalizes and automates the proof in digital forensic investigation. First, it introduces a formal logic-based language, called S-TLA+, to enable reasoning on systems with uncertainty by adding forward hypotheses to fill potential gaps in detail. S-TLA+ is suitable for describing evidence as well as elementary scenario fragments representing the investigators' knowledge. Secondly, the proposal provides an automated verification tool, S-TLC, to prove the correctness of S-TLA+ specifications. It checks whether there are possible hacking scenarios that are consistent with the available digital evidence, and explores additional evidence. To demonstrate its effectiveness, the formalized analysis is applied to a compromised host.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Rekhis, S., Boudriga, N. (2005). A Temporal Logic-Based Model for Forensic Investigation in Networked System Security. In: Gorodetsky, V., Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2005. Lecture Notes in Computer Science, vol 3685. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11560326_25
DOI: https://doi.org/10.1007/11560326_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29113-8
Online ISBN: 978-3-540-31998-6
eBook Packages: Computer Science (R0)