A requires/provides model for computer attacks
Proceedings of the 2000 workshop on New security paradigms
Computer forensics: incident response essentials
Constructing attack scenarios through correlation of intrusion alerts
Proceedings of the 9th ACM conference on Computer and communications security
Practical automated detection of stealthy portscans
Journal of Computer Security
A new logic for electronic commerce protocols
Theoretical Computer Science - Special issue: Algebraic methodology and software technology
Probabilistic Alert Correlation
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Aggregation and Correlation of Intrusion-Detection Alerts
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Managing Alerts in a Multi-Intrusion Detection Environment
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Clustering intrusion detection alarms to support root cause analysis
ACM Transactions on Information and System Security (TISSEC)
Automated Analysis for Digital Forensic Science: Semantic Integrity Checking
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Security Warrior
The Windows Server 2003 Security Log Revealed
A mission-impact-based approach to INFOSEC alarm correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
M2D2: a formal data model for IDS alert correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Finite state machine approach to digital event reconstruction
Digital Investigation: The International Journal of Digital Forensics & Incident Response
The increasing trend of computer crimes has intensified the relevance of cyber-forensics. In such a context, forensic analysis plays a major role by analyzing the evidence gathered from the crime scene and corroborating facts about the committed crime. In this paper, we propose a formal approach to forensic log analysis. The proposed approach is based on the logical modelling of the events and the traces of the victim system as formulas over a modified version of the ADM logic [12]. In order to illustrate the proposed approach, the Windows auditing system [21] is studied. We will discuss the importance of the different features of such a system from the forensic standpoint (e.g. the ability to log accesses to specific files and registry keys, and the abundance of information that can be extracted from these logs). Furthermore, we will capture logically the invariant properties of a system, forensic hypotheses, and generic or specific attack signatures. Moreover, we will discuss the admissibility of forensic hypotheses and the underlying verification issues.