Finite state machine approach to digital event reconstruction

Gladyshev, Pavel; Patel, Ahmed

doi:10.1016/j.diin.2004.03.001

Cited by 82 publications

(69 citation statements)

References 1 publication

(1 reference statement)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The event reconstruction method in [20] describes the compromised system as a finite state machine (FSM). Then, in order to determine all possible scenarios of the incident, it backtraces transitions from the state in which the system was discovered.…”

Section: Miscellaneous Event Reconstruction Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Event reconstruction using temporal pattern of file system modification

Soltani

Seno

Yazdi

2019

IET Information Security

View full text Add to dashboard Cite

Section: Miscellaneous Event Reconstruction Methodsmentioning

confidence: 99%

“…Correlationbased event reconstruction methods try to find some correlations among low-level pieces of evidence. Moreover, there are some miscellaneous event reconstruction methods in the literature [6,9,10,[20][21][22].…”

Section: Literature Reviewmentioning

confidence: 99%

Event reconstruction using temporal pattern of file system modification

Soltani

Seno

Yazdi

2019

IET Information Security

View full text Add to dashboard Cite

“…Event reconstruction in digital forensics has been defined in terms of finite state machines by Gladyshev and Patel [40]. However, it less formally refers to a process that can "convert the state of the [digital] objects into the events that caused the state" [17].…”

Section: Timeline/event Reconstructionmentioning

confidence: 99%

SoK

Hargreaves

Sheppard

et al. 2020

Proceedings of the 15th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Multi-year digital forensic backlogs have become commonplace in law enforcement agencies throughout the globe. Digital forensic investigators are overloaded with the volume of cases requiring their expertise compounded by the volume of data to be processed. Artificial intelligence is often seen as the solution to many big data problems. This paper summarises existing artificial intelligence based tools and approaches in digital forensics. Automated evidence processing leveraging artificial intelligence based techniques shows great promise in expediting the digital forensic analysis process while increasing case processing capacities. For each application of artificial intelligence highlighted, a number of current challenges and future potential impact is discussed.

show abstract

“…Gladyshev and Patel [16] propose a finite state machine (FSM) approach to formalize hypothesis generation of an incident in digital investigations. Formalization is done through defining the event reconstruction problem as finding all possible explanations for a given evidential statement with respect to the FSM.…”

Section: B Event Reconstructionmentioning

confidence: 99%

Software Engineering Challenges for Investigating Cyber-Physical Incidents

Alrimawi¹,

Pasquale²,

Nuseibeh³

2017

2017 IEEE/ACM 3rd International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS)

View full text Add to dashboard Cite

Cyber-Physical Systems (CPS) are characterized by the interplay between digital and physical spaces. This characteristic has extended the attack surface that could be exploited by an offender to cause harm. An increasing number of cyber-physical incidents may occur depending on the configuration of the physical and digital spaces and their interplay. Traditional investigation processes are not adequate to investigate these incidents, as they may overlook the extended attack surface resulting from such interplay, leading to relevant evidence being missed and testing flawed hypotheses explaining the incidents. The software engineering research community can contribute to addressing this problem, by deploying existing formalisms to model digital and physical spaces, and using analysis techniques to reason about their interplay and evolution. In this paper, we use a motivating example to describe some emerging software engineering challenges to support investigations of cyberphysical incidents. We review and critique existing research proposed to address these challenges, and sketch an initial solution based on a meta-model to represent cyber-physical incidents and a representation of the topology of digital and physical spaces that supports reasoning about their interplay.

show abstract

Finite state machine approach to digital event reconstruction

Cited by 82 publications

References 1 publication

Event reconstruction using temporal pattern of file system modification

Event reconstruction using temporal pattern of file system modification

SoK

Software Engineering Challenges for Investigating Cyber-Physical Incidents

Contact Info

Product

Resources

About