• Corpus ID: 17243746

Rigorous Development of Automated Inconsistency Checks for Digital Evidence Using the B Method

@article{Gladyshev2007RigorousDO,
  title={Rigorous Development of Automated Inconsistency Checks for Digital Evidence Using the B Method},
  author={Pavel Gladyshev and Andreas Enbacka},
  journal={Int. J. Digit. EVid.},
  year={2007},
  volume={6}
}
Inconsistencies in various data structures, such as missing log records and modified operating system files, have long been used by intrusion investigators and forensic analysts as indicators of suspicious activity. This paper describes a rigorous methodology for developing such inconsistency checks and verifying their correctness. It is based on the use of the B Method – a formal method of software development. The idea of the methodology is to (1) formulate a state-machine model of the (sub… 
View Paper
14 Citations
Background Citations
4
Methods Citations
5

Figures and Tables from this paper

14 Citations

Modelling and refinement of forensic data acquisition specifications

  • B. Aziz
  • Computer Science
    Digit. Investig.
  • 2014

A formal model for forensic storage media preparation tools

This paper defines a model of a special type of digital forensics tools, known as digital media preparation forensic tools, using the formal refinement language Event-B, to provide a formal specification against which the implementations of such tools can be analysed and tested in the future.

A Consistency Study of the Windows Registry

A novel method for checking the consistency of forensic registry artifacts by gathering event information from the artifacts and analyzing the event sequences based on the associated timestamps is proposed.

Liability issues in software engineering

This paper reports on the results of a multidisciplinary project involving lawyers and computer scientists to define software liability in a precise and unambiguous way and establish such liability in case of incident.

Towards An Automated Forensic Examiner (AFE) Based Upon Criminal Profiling & Artificial Intelligence

The Automated Forensic Examiner (AFE) is proposed that seeks to apply artificial intelligence to the problem of sorting and identifying relevant artefacts, and utilises a number of techniques, including a technical competency measure, a dynamic criminal knowledge base and visualisation to provide an investigator with an in depth understanding of the case.

Towards An Automated Forensic Examiner (AFE) Based Upon Criminal Profiling & Artificial Intelligence

The Automated Forensic Examiner (AFE) is proposed that seeks to apply artificial intelligence to the problem of sorting and identifying relevant artefacts, and utilises a number of techniques, including a technical competency measure, a dynamic criminal knowledge base and visualisation to provide an investigator with an in depth understanding of the case.

Liability in software engineering: overview of the LISE approach and illustration on a case study

An overview of the overall approach taken in the LISE project is provided based on a case study where, in order to reduce legal uncertainties, the parties to a contract wish to include in the agreement specific clauses to define as precisely as possible the share of liabilities between them for the main types of failures of the system.

Characterizing the Limitations of Forensic Event Reconstruction Based on Log Files

  • Tobias LatzoF. Freiling
  • Computer Science
    2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
  • 2019
An evaluation of a single GNU/Linux server running Apache and Wordpress revealed that especially typical insider attacks leave few traces in common log files, so using traces from selected system calls considerably increases the possibility of incident detection.

Formalization of digital forensic theory by using Buchi Automaton

We investigate that Buchi Automata based modeling and formalization of digital forensic theory is more suitable for Digital Forensic Analysis over the existing methods like Log based and Finite State

Designing Log Architectures for Legal Evidence

Criteria for acceptable log architectures depending on the features of the system and the potential claims between the parties are proposed and illustrated with a travel booking system.

18 References

A Formalization of Digital Forensics

A formal model for analyzing and constructing forensic procedures, showing the advantages of formalization, is proposed and applied in a real-world scenario with focus on Linux and OS X.

ProB: A Model Checker for B

This work presents the first experiences in using PROB on several case studies, highlighting that PROB enables users to uncover errors that are not easily discovered by existing tools.

Programming from specifications

  • Carroll Morgan
  • Computer Science
    Prentice Hall International Series in computer science
  • 1990
This second edition features substantial restructuring of earlier material, streamlining the introduction of programming language features; simplified presentation of procedures, parameters and recursion; an expanded chapter on data refinement, giving the much simpler laws that specialize to functional abstractions.

The B-method - an introduction

This book provides a textbook introduction to the B-Method, a rigorous methodology for the development of correct software, underpinned by powerful ...

Météor: A Successful Application of B in a Large Project

The automatic train operating system for METEOR, the first driverless metro in the city of Paris, is designed to manage the traffic of the vehicles controlled automatically or manually, developed using the B formal method together with the Vital Coded Processor.

The B-book - assigning programs to meanings

Tribute Foreword Introduction Part I. Mathematics: 1. Mathematical reasoning 2. Set notation 3. Mathematical objects Part II. Abstract Machines: 4. Introduction to abstract machines 5. Formal

RODIN (Rigorous Open Development Environment for Complex Systems)

Partners: University of Newcastle upon Tyne, UK (Coordinating Site) Åbo Akademi, Turku, Finland ClearSy System Engineering, France Federal Institute of Technology (ETH), Zurich, Switzerland NOKIA

User and Reference Manuals, Aix-en-Provence, France

  • User and Reference Manuals, Aix-en-Provence, France
  • 2001

Programming from specifications (2nd ed.)

AusCERT) (2002) Alert AA- 2002.03 File-Sharing Activity Part 2 of 2 -Increased intruder attacks against servers to expand illegal file sharing networks

  • AusCERT) (2002) Alert AA- 2002.03 File-Sharing Activity Part 2 of 2 -Increased intruder attacks against servers to expand illegal file sharing networks
  • 2007