Finite state machine approach to digital event reconstruction

Authors:
Pavel Gladyshev;Ahmed Patel
Affiliations:
Computer Networks and Distributed Systems Research Group, Department of Computer Science, University College Dublin, Belfield, Dublin 4, Ireland, UK;Computer Networks and Distributed Systems Research Group, Department of Computer Science, University College Dublin, Belfield, Dublin 4, Ireland, UK
Venue:
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Year:
2004

Citing 0
Cited 10

Forensic analysis of logs: Modeling and verification

Knowledge-Based Systems
Using simplified event calculus in digital investigation

Proceedings of the 2008 ACM symposium on Applied computing
A Formal Approach for the Forensic Analysis of Logs

Proceedings of the 2006 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the fifth SoMeT_06
Towards automatic deduction and event reconstruction using Forensic Lucid and probabilities to encode the IDS evidence

RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Attribution of malicious behavior

ICISS'10 Proceedings of the 6th international conference on Information systems security
Towards designing a tool for event reconstruction using Gladyshev Approach

Proceedings of the 2011 ACM Symposium on Applied Computing
Digital forensic reconstruction and the virtual security testbed vise

DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Analyzing multiple logs for forensic evidence

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Forensic memory analysis: From stack and code to execution history

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Towards automated forensic event reconstruction of malicious code (poster abstract)

RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a rigorous method for reconstructing events in digital systems. It is based on the idea, that once the system is described as a finite state machine, its state space can be explored to determine all possible scenarios of the incident. To formalize evidence, the evidential statement notation is introduced. It represents the facts conveyed by the evidence as a series of witness stories that restrict possible computations of the finite state machine. To automate event reconstruction, a generic event reconstruction algorithm is proposed. It computes the set of all possible explanations for the given evidential statement with respect to the given finite state machine.