Principles-driven forensic analysis

Authors:
Sean Peisert;Sidney Karin;Matt Bishop;Keith Marzullo
Affiliations:
University of California, San Diego, La Jolla, CA;University of California, San Diego, La Jolla, CA;University of California, Davis, Davis, CA;University of California, San Diego, La Jolla, CA
Venue:
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Year:
2005

Citing 13
Cited 5

Analyzing computer intrusions

Analyzing computer intrusions
Reflections on trusting trust

Communications of the ACM
A note on the confinement problem

Communications of the ACM
A requires/provides model for computer attacks

Proceedings of the 2000 workshop on New security paradigms
Bugs as deviant behavior: a general approach to inferring errors in systems code

SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
A "flight data recorder" for enabling full-system multiprocessor deterministic replay

Proceedings of the 30th annual international symposium on Computer architecture
Software Security Checklist for the Software Life Cycle

WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
Automated Analysis for Digital Forensic Science: Semantic Integrity Checking

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Backtracking intrusions

ACM Transactions on Computer Systems (TOCS)
ReVirt: enabling intrusion analysis through virtual-machine logging and replay

OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
A categorization of computer security monitoring systems and the impact on the design of audit sources

A categorization of computer security monitoring systems and the impact on the design of audit sources
The insider problem revisited

NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Copilot - a coprocessor-based kernel runtime integrity monitor

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13

Analysis of Computer Intrusions Using Sequences of Function Calls

IEEE Transactions on Dependable and Secure Computing
Computer forensics in forensis

ACM SIGOPS Operating Systems Review
Weaving ontologies to support digital forensic analysis

ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
Liability in software engineering: overview of the LISE approach and illustration on a case study

Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
Digital forensics on a virtual machine

Proceedings of the 49th Annual Southeast Regional Conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

It is possible to enhance our understanding of what has happened on a computer system by using forensic techniques that do not require prediction of the nature of the attack, the skill of the attacker, or the details of the system resources or objects affected. These techniques address five fundamental principles of computer forensics. These principles include recording data about the entire operating system, particularly user space events and environments, and interpreting events at different layers of abstraction, aided by the context in which they occurred. They also deal with modeling the recorded data as a multi-resolution, finite state machine so that results can be established to a high degree of certainty rather than merely inferred.