A formal logic-based language and an automated verification tool for computer forensic investigation
Proceedings of the 2005 ACM symposium on Applied computing
Research in computer and network forensic investigation has recently addressed the development of procedural guidelines, technical documents, and semi-automated tools. It has, however, overlooked the need for formal proof. This work provides a novel approach that formalizes and automates proof in digital forensic investigation. First, it introduces a formal logic-based language, called S-TLA+, that enables reasoning about systems under uncertainty by adding forward hypotheses to compensate for a potential lack of detail. S-TLA+ is suitable for describing evidence, as well as elementary scenario fragments that represent the investigator's knowledge. Second, the proposal provides an automated verification tool, S-TLC, to prove the correctness of S-TLA+ specifications. It checks whether there are possible hacking scenarios that are consistent with the available digital evidence, and explores additional evidence. To demonstrate its effectiveness, the formalized analysis is applied to a compromised host.