Analysis of Evidence Using Formal Event Reconstruction

James, Joshua I.; Gladyshev, Pavel; Abdullah, Mohd Taufik; Zhu, Yuandong

doi:10.1007/978-3-642-11534-9_9

Cited by 23 publications

(20 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These automatic extractors, a widely used concept, can also generate the timeline as in FORE (Schatz et al, 2004), FACE (Case et al, 2008), CyberForensic TimeLab (Olsson and Boldt, 2009), Plaso and PyDFT (Hargreaves and Patterson, 2012). However, in some approaches including (Gladyshev and Patel, 2004) and (James et al, 2010), the lack of automation seems difficult to address and they present very high complexity (combinatorial explosion).…”

Section: Data Volumementioning

confidence: 97%

“…Second, the use of finite state machine is very time consuming when used in real case. (James et al, 2010) propose to convert the finite state machine into a deterministic finite state machine to limit the exponential growth of the size of the machine and therefore the number of scenarii to examine during the backtracking algorithm. Despite the reduction in size of the state machine, the experiments show that the approach still not be able to be used on real forensic cases.…”

Section: Data Volumementioning

confidence: 99%

See 1 more Smart Citation

An ontology-based approach for the reconstruction and analysis of digital incidents timelines

Chabot

Bertaux

Nicolle

et al. 2015

Digital Investigation

View full text Add to dashboard Cite

Section: Data Volumementioning

confidence: 97%

Section: Data Volumementioning

confidence: 99%

An ontology-based approach for the reconstruction and analysis of digital incidents timelines

Chabot

Bertaux

Nicolle

et al. 2015

Digital Investigation

View full text Add to dashboard Cite

“…Generally speaking, the cache needs 4 MB or one percent of the logical drive size, depending on which is greater. In order to identify the correct location of the cache for each user under Windows, the registry hive for the particular user must be examined for some cases [12,16].…”

Section: Literature Reviewsmentioning

confidence: 99%

Online Social Snapshots of a Generic Facebook Session Based on Digital Insight Data for a Secure Future IT Environment

Chu

Park

2015

Symmetry

View full text Add to dashboard Cite

Physical memory acquisition has been an import facet for digital forensics (DF) specialists due to its volatile characteristics. Nowadays, thousands of millions of global participants utilize online social networking (OSN) mechanisms to expand their social lives, ranging from business-oriented purposes to leisure motivations. Facebook (FB) is one of the most dominant social networking sites (SNS) available today. Unfortunately, it has been a major avenue for cybercriminals to commit illegal activities. Therefore, the digital traces of previous sessions of an FB user play an essential role as the first step for DF experts to pursue the disclosure of the identity of the suspect who was exploiting FB. In this research work, we provide a systematic methodology to reveal a previous session of an FB identity, as well as his/her partial social circle via collecting, analyzing, preserving and presenting the associated digital traces to obtain the online social snapshots of a specific FB user who was utilizing a computing device with Internet Explorer (IE) 10 without turning off the power of the gadget. This novel approach can be a paradigm for how DF specialists ponder the crime scene to conduct the first response in order to avoid the permanent loss of the precious digital evidence in previous FB sessions. The hash values of the image files of the random access memory (RAM) of the computing device have proven to be identical before and after forensics operations, which could be probative evidence in a court of law. OPEN ACCESSSymmetry 2015, 7 547

show abstract

“…Examples of investigation graphs consist primarily of scenario graphs, forensics graphs, logic exploitation graphs, attack graphs, and evidence graphs [6]. The digital systems can be described mathematically as a finite state machine and can represents this information in the form of a graph (nodes and arrows) [7]. Figure 1 shows the cyber-crime management chain, it consists of four stages namely; proactive (readiness), active, reactive and awareness.…”

Section: Introductionmentioning

confidence: 99%

Cyberspace Forensics Readiness and Security Awareness Model

Al-Mahrouqi¹,

Abdalla²,

Kechadi³

2015

ijacsa

View full text Add to dashboard Cite

Abstract-The goal of reaching a high level of security in wire-less and wired communication networks is continuously proving difficult to achieve. The speed at which both keepers and violators of secure networks are evolving is relatively close. Nowadays, network infrastructures contain a large number of event logs captured by Firewalls and Domain Controllers (DCs). However, these logs are increasingly becoming an obstacle for network administrators in analyzing networks for malicious activities. Forensic investigators mission to detect malicious activities and reconstruct incident scenarios is extremely complex considering the number, as well as the quality of these event logs. This paper presents the building blocks for a model for automated network readiness and awareness. The idea for this model is to utilize the current network security outputs to construct forensically comprehensive evidence. The proposed model covers the three vital phases of the cybercrime management chain, which are: 1) Forensics Readiness, 2) Active Forensics, and 3) Forensics Awareness.

show abstract

Analysis of Evidence Using Formal Event Reconstruction

Cited by 23 publications

References 5 publications

An ontology-based approach for the reconstruction and analysis of digital incidents timelines

An ontology-based approach for the reconstruction and analysis of digital incidents timelines

Online Social Snapshots of a Generic Facebook Session Based on Digital Insight Data for a Secure Future IT Environment

Cyberspace Forensics Readiness and Security Awareness Model

Contact Info

Product

Resources

About