Different users apply computer forensic systems, models, and terminology in very different ways. They often make incompatible assumptions and reach different conclusions about the validity and accuracy of the methods they use to log, audit, and present forensic data. In fact, it can be hard to say who, if anyone, is right. We present several forensic systems and discuss situations in which they produce valid and accurate conclusions and also situations in which their accuracy is suspect. We also present forensic models and discuss areas in which they are useful and areas in which they could be augmented. Finally, we present some recommendations about how computer scientists, forensic practitioners, lawyers, and judges could build more complete models of forensics that take into account appropriate legal details and lead to scientifically valid forensic analysis.