Yuandong Zhu

Learn More
(This!paper!expands!upon!the!finite!state! machine!approach!for!the!formal!analysis!of! digital!evidence.!The!proposed!method!may! be!used!to!support!the!feasibility!of!a!given! statement!by!testing!it!against!a!relevant! system!model.!To!achieve!this,!a!novel! method!for!modeling!the!system!and! evidential!statements!is!given.!The!method!(More)
This paper proposes a novel method for checking the consistency of forensic registry artifacts by gathering event information from the arti-facts and analyzing the event sequences based on the associated times-tamps. The method helps detect the use of counter-forensic techniques without focusing on one particular counter-forensic tool at a time. Several(More)
This paper introduces a novel approach to user event reconstruction by showing the practicality of generating and implementing signature-based analysis methods to reconstruct high-level user actions from a collection of low-level traces found during a post-mortem forensic analysis of a system. Traditional forensic analysis and the inferences an investigator(More)
The Microsoft Windows registry is an important resource in digital forensic investigations. It contains information about operating system configuration, installed software and user activity. Several researchers have focused on the forensic analysis of the Windows registry, but a robust method for associating past events with registry data values extracted(More)
  • 1