• Corpus ID: 17243746

Rigorous Development of Automated Inconsistency Checks for Digital Evidence Using the B Method

@article{Gladyshev2007RigorousDO,
  title={Rigorous Development of Automated Inconsistency Checks for Digital Evidence Using the B Method},
  author={Pavel Gladyshev and Andreas Enbacka},
  journal={Int. J. Digit. EVid.},
  year={2007},
  volume={6}
}
Inconsistencies in various data structures, such as missing log records and modified operating system files, have long been used by intrusion investigators and forensic analysts as indicators of suspicious activity. This paper describes a rigorous methodology for developing such inconsistency checks and verifying their correctness. It is based on the use of the B Method – a formal method of software development. The idea of the methodology is to (1) formulate a state-machine model of the (sub… 

Figures and Tables from this paper

Modelling and refinement of forensic data acquisition specifications
  • B. Aziz
  • Computer Science
    Digit. Investig.
  • 2014
A formal model for forensic storage media preparation tools
TLDR
This paper defines a model of a special type of digital forensics tools, known as digital media preparation forensic tools, using the formal refinement language Event-B, to provide a formal specification against which the implementations of such tools can be analysed and tested in the future.
A Consistency Study of the Windows Registry
TLDR
A novel method for checking the consistency of forensic registry artifacts by gathering event information from the artifacts and analyzing the event sequences based on the associated timestamps is proposed.
Liability issues in software engineering
TLDR
This paper reports on the results of a multidisciplinary project involving lawyers and computer scientists to define software liability in a precise and unambiguous way and establish such liability in case of incident.
Towards An Automated Forensic Examiner (AFE) Based Upon Criminal Profiling & Artificial Intelligence
TLDR
The Automated Forensic Examiner (AFE) is proposed that seeks to apply artificial intelligence to the problem of sorting and identifying relevant artefacts, and utilises a number of techniques, including a technical competency measure, a dynamic criminal knowledge base and visualisation to provide an investigator with an in depth understanding of the case.
Towards An Automated Forensic Examiner (AFE) Based Upon Criminal Profiling & Artificial Intelligence
TLDR
The Automated Forensic Examiner (AFE) is proposed that seeks to apply artificial intelligence to the problem of sorting and identifying relevant artefacts, and utilises a number of techniques, including a technical competency measure, a dynamic criminal knowledge base and visualisation to provide an investigator with an in depth understanding of the case.
Liability in software engineering: overview of the LISE approach and illustration on a case study
TLDR
An overview of the overall approach taken in the LISE project is provided based on a case study where, in order to reduce legal uncertainties, the parties to a contract wish to include in the agreement specific clauses to define as precisely as possible the share of liabilities between them for the main types of failures of the system.
Characterizing the Limitations of Forensic Event Reconstruction Based on Log Files
  • Tobias Latzo, F. Freiling
  • Computer Science
    2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
  • 2019
TLDR
An evaluation of a single GNU/Linux server running Apache and Wordpress revealed that especially typical insider attacks leave few traces in common log files, so using traces from selected system calls considerably increases the possibility of incident detection.
Formalization of digital forensic theory by using Buchi Automaton
We investigate that Buchi Automata based modeling and formalization of digital forensic theory is more suitable for Digital Forensic Analysis over the existing methods like Log based and Finite State
Designing Log Architectures for Legal Evidence
TLDR
Criteria for acceptable log architectures depending on the features of the system and the potential claims between the parties are proposed and illustrated with a travel booking system.
...
1
2
...

References

SHOWING 1-10 OF 18 REFERENCES
A Formalization of Digital Forensics
TLDR
A formal model for analyzing and constructing forensic procedures, showing the advantages of formalization, is proposed and applied in a real-world scenario with focus on Linux and OS X.
ProB: A Model Checker for B
TLDR
This work presents the first experiences in using PROB on several case studies, highlighting that PROB enables users to uncover errors that are not easily discovered by existing tools.
Programming from specifications
  • Carroll Morgan
  • Computer Science
    Prentice Hall International Series in computer science
  • 1990
TLDR
This second edition features substantial restructuring of earlier material, streamlining the introduction of programming language features; simplified presentation of procedures, parameters and recursion; an expanded chapter on data refinement, giving the much simpler laws that specialize to functional abstractions.
The B-method - an introduction
This book provides a textbook introduction to the B-Method, a rigorous methodology for the development of correct software, underpinned by powerful ...
Météor: A Successful Application of B in a Large Project
TLDR
The automatic train operating system for METEOR, the first driverless metro in the city of Paris, is designed to manage the traffic of the vehicles controlled automatically or manually, developed using the B formal method together with the Vital Coded Processor.
The B-book - assigning programs to meanings
Tribute Foreword Introduction Part I. Mathematics: 1. Mathematical reasoning 2. Set notation 3. Mathematical objects Part II. Abstract Machines: 4. Introduction to abstract machines 5. Formal
RODIN (Rigorous Open Development Environment for Complex Systems)
Partners: University of Newcastle upon Tyne, UK (Coordinating Site) Åbo Akademi, Turku, Finland ClearSy System Engineering, France Federal Institute of Technology (ETH), Zurich, Switzerland NOKIA
User and Reference Manuals, Aix-en-Provence, France
  • User and Reference Manuals, Aix-en-Provence, France
  • 2001
AusCERT) (2002) Alert AA- 2002.03 File-Sharing Activity Part 2 of 2 -Increased intruder attacks against servers to expand illegal file sharing networks
  • AusCERT) (2002) Alert AA- 2002.03 File-Sharing Activity Part 2 of 2 -Increased intruder attacks against servers to expand illegal file sharing networks
  • 2007
Event-B Language, RODIN (Rigorous Open Development Environment for Complex Systems) Project IST-511599
  • Deliverable 3.2. Retrieved March
  • 2005
...
1
2
...