Reconstructing the sequence of computer events that led to a particular event is an essential part of the digital investigation process. The ability to quantify the accuracy of automatic event reconstruction systems is an essential step in standardizing the digital investigation process, thereby making it resilient to tactics such as the Trojan horse defense. In this paper, we present findings from an empirical study to measure and compare the accuracy and effectiveness of a suite of such event reconstruction techniques. We quantify (as applicable) the rates of false positives and false negatives, and scalability in terms of both computational burden and memory usage. Some of our findings are quite surprising in that they do not match a priori expectations. Other findings qualitatively match a priori expectations, but had never before been put to a quantitative test to determine the boundaries of their applicability. For example, our results show that automatic event reconstruction systems proposed in the literature have very high false-positive rates (up to 96%).