Formalizing Computer Forensic Analysis: A Proof-Based Methodology

Show full item record

Title: Formalizing Computer Forensic Analysis: A Proof-Based Methodology
Author: Sremack, Joseph
Advisors: Dr. Mladen A. Vouk, Committee Co-Chair
Dr. Jun Xu, Committee Co-Chair
Dr. Peng Ning, Committee Member
Abstract: Computer forensics is an important subject in the field of computer security. Impenetrably secure systems are not a reality - hundreds of thousands of security breaches are reported annually. When a security breach does occur, certain steps must be taken to understand what happened and how to recover from the incident, including data collection, analysis, and recovery. These responses to an incident comprise one part of computer forensics. A successful forensic investigation of any security breach requires a sound approach. Forensics literature provides a general model for conducting an investigation that can acts as a template for forensic investigations. The current literature, however, has primarily focused on two extremes of forensics: technical details and high-level procedural guidelines. By focusing on the extremes, many of the intermediate steps and logical conclusions that a forensic investigator must make are omitted. This omission leaves the burden of forming the logical structure of an investigation to the investigator. Such ad hoc approaches can lead to inefficient investigations with extraneous investigatory steps, and possibly less accurate results. This thesis explores the formalization of existing computer forensic analysis techniques such that a complete forensic investigation can be conducted in an efficient and meticulous manner. The formalization includes the use of high-level incident information to formulate a broad hypothesis about the entire incident. The hypothesis is then proven by performing a series of lower-level proofs - either by inductive or by deductive (axiomatic inductive) means - each of which acts as a premise for the overall incident hypothesis. The formalized analysis is then applied to actual forensic investigations to demonstrate its effectiveness. The formalized methodology and techniques presented in this thesis demonstrate how forensic investigations can be scientifically rigorous without sacrificing the necessary amount of creativity that is required for a complete investigation.
Date: 2004-07-18
Degree: MS
Discipline: Computer Science

Files in this item

Files Size Format View
etd.pdf 706.2Kb PDF View/Open

This item appears in the following Collection(s)

Show full item record