• Corpus ID: 15568461

A Formalization of Digital Forensics

  • Ryan Leigland, Axel W. Krings
  • Int. J. Digit. Evid.
Forensic investigative procedures are used in the case of an intrusion into a networked computer system to detect the scope or nature of the attack. In many cases, the forensic procedures employed are constructed in an informal manner that can impede the effectiveness or integrity of the investigation. We propose a formal model for analyzing and constructing forensic procedures, showing the advantages of formalization. A mathematical description of the model will be presented demonstrating the… 

A Formal Approach for the Forensic Analysis of Logs

A formal approach to forensic log analysis is proposed, based on the logical modelling of the events and the traces of the victim system as formulas over a modified version of the ADM logic.

Certificates for Verifiable Forensics

This work advocates the use of forensic certificates as intermediate artifacts between search and verification, and proposes a verification architecture that addresses the enormous size of digital forensics data sets.

A comprehensive digital forensic investigation process model

  • R. Montasari
  • Computer Science
    Int. J. Electron. Secur. Digit. Forensics
  • 2016
This paper proposes a model that is formal in that it can enable digital forensic practitioners to follow a uniform approach when carrying out investigations, and that is generic in that it can be applied in the different environments of digital forensics.

Modelling and refinement of forensic data acquisition specifications

  • B. Aziz
  • Computer Science
    Digit. Investig.
  • 2014

Integrated Computer Forensics Investigation Process Model (ICFIPM) for Computer Crime Investigations

The proposed novel process model is aimed at addressing both the practical requirements of digital forensic practitioners and the needs of courts for a formal computer investigation process model which can be used to process the digital evidence in a forensically sound manner.

Considerations towards the development of a forensic evidence management system

The Biba Integrity Model is utilized to maintain the integrity of digital evidence within the FEMS, and Casey’s Certainty Scale is employed as the integrity classification scheme for assigning integrity labels to digital evidence within the system.

Implementation of digital forensics investigations using a goal-driven approach for a questioned contract

A new systematic process for describing digital investigations that focuses on forensic goals and anti-forensic obstacles and their operationalisation in terms of human and software actions is introduced.

Information and Communication Systems e-Forensic Framework

The paper presents an analysis of the current legal standards and methods used to perform e-Forensics, and a proposal for performing e-Forensics with defined procedures and methods that could be applied to each and every entity in an information and communication system.

The Standardised Digital Forensic Investigation Process Model (SDFIPM)

This chapter makes a novel contribution by proposing the Advanced Investigative Process Model (the SDFIPM) for Conducting Digital Forensic Investigations, encompassing the ‘middle part’ of the digital investigative process, which is formal in that it synthesizes, harmonises and extends the existing models, and which is generic in that it can be applied in the three fields of law enforcement, commerce and incident response.

A hypothesis-based approach to digital forensic investigations

This work formally defines a digital forensic investigation and categories of analysis techniques. The definitions are based on an extended finite state machine (FSM) model that was designed to



Defining Digital Forensic Examination and Analysis Tool Using Abstraction Layers

The nature of tools in digital forensics is examined, and the definitions, properties, and error types of abstraction layers when used with digital forensic analysis tools are discussed.

What is forensic computing

An overview is provided of the field of forensic computing and of the process of identifying, preserving, analysing and presenting digital evidence in a manner that is legally acceptable.

Computer abuse, information technologies and judicial affairs

The University of Delaware’s efforts to control and prevent online crime while maintaining the open network access required for teaching, research and collaboration by faculty and students are discussed.

Crime and punishment in cyberspace: dealing with law enforcement and the courts

This paper will provide some practical advice based on the experiences and interactions of the co-authors on how to cooperate with an investigation while protecting the legal interests of your institution and its user community.

Computer Forensics Education

The application of science and education to computer-related crime forensics is still largely limited to law enforcement organizations. Building a suitable workforce development program could support

Modeling of Post-Incident Root Cause Analysis

Because digital incidents are not always from an external source, the focus is often upon the internal network, the people who use it, and the damage done during the incident.

The Law Enforcement and Forensic Examiner Introduction to Linux: A Beginner's Guide

  • 2004

The DoS Project's "trinoo" distributed denial of service attack tool


Available: http://developer.apple.com/technicalnotes

  • International Journal of Digital Evidence Fall
  • 2004