Formalizing Computer Forensic Analysis: A Proof-Based Methodology
dc.contributor.advisor | Dr. Mladen A. Vouk, Committee Co-Chair | en_US |
dc.contributor.advisor | Dr. Jun Xu, Committee Co-Chair | en_US |
dc.contributor.advisor | Dr. Peng Ning, Committee Member | en_US |
dc.contributor.author | Sremack, Joseph | en_US |
dc.date.accessioned | 2010-04-02T18:14:35Z | |
dc.date.available | 2010-04-02T18:14:35Z | |
dc.date.issued | 2004-07-18 | en_US |
dc.degree.discipline | Computer Science | en_US |
dc.degree.level | thesis | en_US |
dc.degree.name | MS | en_US |
dc.description.abstract | Computer forensics is an important subject in the field of computer security. Impenetrably secure systems are not a reality - hundreds of thousands of security breaches are reported annually. When a security breach does occur, certain steps must be taken to understand what happened and how to recover from the incident, including data collection, analysis, and recovery. These responses to an incident comprise one part of computer forensics. A successful forensic investigation of any security breach requires a sound approach. Forensics literature provides a general model for conducting an investigation that can act as a template for forensic investigations. The current literature, however, has primarily focused on two extremes of forensics: technical details and high-level procedural guidelines. By focusing on the extremes, many of the intermediate steps and logical conclusions that a forensic investigator must make are omitted. This omission leaves the burden of forming the logical structure of an investigation to the investigator. Such ad hoc approaches can lead to inefficient investigations with extraneous investigatory steps, and possibly less accurate results. This thesis explores the formalization of existing computer forensic analysis techniques such that a complete forensic investigation can be conducted in an efficient and meticulous manner. The formalization includes the use of high-level incident information to formulate a broad hypothesis about the entire incident. The hypothesis is then proven by performing a series of lower-level proofs - either by inductive or by deductive (axiomatic inductive) means - each of which acts as a premise for the overall incident hypothesis. The formalized analysis is then applied to actual forensic investigations to demonstrate its effectiveness.
The formalized methodology and techniques presented in this thesis demonstrate how forensic investigations can be scientifically rigorous without sacrificing the necessary amount of creativity that is required for a complete investigation. | en_US |
dc.identifier.other | etd-03312004-230130 | en_US |
dc.identifier.uri | http://www.lib.ncsu.edu/resolver/1840.16/2507 | |
dc.rights | I hereby certify that, if appropriate, I have obtained and attached hereto a written permission statement from the owner(s) of each third party copyrighted matter to be included in my thesis, dissertation, or project report, allowing distribution as specified below. I certify that the version I submitted is the same as that approved by my advisory committee. I hereby grant to NC State University or its agents the non-exclusive license to archive and make accessible, under the conditions specified below, my thesis, dissertation, or project report in whole or in part in all forms of media, now or hereafter known. I retain all other ownership rights to the copyright of the thesis, dissertation or project report. I also retain the right to use in future works (such as articles or books) all or part of this thesis, dissertation, or project report. | en_US |
dc.subject | methodology | en_US |
dc.subject | analysis | en_US |
dc.subject | proof | en_US |
dc.subject | incident response | en_US |
dc.subject | computer forensics | en_US |
dc.title | Formalizing Computer Forensic Analysis: A Proof-Based Methodology | en_US |