DOI: 10.1145/1066677.1066745

A formal logic-based language and an automated verification tool for computer forensic investigation

Published: 13 March 2005

Abstract

In this paper, a formal logic-based language, called S-TLA+, is proposed for computer forensic investigation. It allows an unambiguous description of evidence, the modeling of forensic expert knowledge in the form of hacking scenario fragments, and a capability for reasoning under uncertainty by filling in potentially missing data with hypotheses. The proposal is complemented by an automated formal verification tool, called S-TLC, which helps explore additional evidence and checks whether there are plausible hacking scenarios that meet the available evidence.

Published In

SAC '05: Proceedings of the 2005 ACM symposium on Applied computing
March 2005
1814 pages
ISBN:1581139640
DOI:10.1145/1066677
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. S-TLA+
  2. S-TLC
  3. formal forensic investigation
  4. temporal logic of security actions

Qualifiers

  • Article

Conference

SAC05: The 2005 ACM Symposium on Applied Computing
March 13 - 17, 2005
New Mexico, Santa Fe

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Cited By

  • (2023) A Formal Treatment of Expressiveness and Relevance of Digital Evidence. Digital Threats: Research and Practice 4:3 (1-16). DOI: 10.1145/3608485. Online publication date: 13-Jul-2023
  • (2007) Security policy validation using temporal executable specifications. 2007 IEEE International Conference on Systems, Man and Cybernetics (2848-2853). DOI: 10.1109/ICSMC.2007.4413742. Online publication date: Oct-2007
  • (2006) Opacity: A Theoretical Technique for Digital Investigation. 2006 2nd International Conference on Information & Communication Technologies (3281-3286). DOI: 10.1109/ICTTA.2006.1684942. Online publication date: 2006
  • (2006) NIS08-4: Execution-based Digital Investigation on Compromised Systems with Automated Hypotheses Generation. IEEE Globecom 2006 (1-5). DOI: 10.1109/GLOCOM.2006.305. Online publication date: Nov-2006
  • (2005) A temporal logic-based model for forensic investigation in networked system security. Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security (325-338). DOI: 10.1007/11560326_25. Online publication date: 25-Sep-2005
