Relating Admissibility Standards for Digital Evidence to Attack Scenario Reconstruction

Relating Admissibility Standards for Digital Evidence to Attack Scenario Reconstruction

Attackers tend to use complex techniques such as combining multi-step, multi-stage attack with anti-forensic tools to make it difficult to find incriminating evidence and reconstruct attack scenarios that can stand up to the expected level of evidence admissibility in a court of law. As a solution, we propose to integrate the legal aspects of evidence correlation into a Prolog based reasoner to...

A Model for Digital Evidence Admissibility Assessment

Digital evidence is increasingly important in legal proceedings as a result of advances in the information and communications technology sector. Because of the transnational nature of computer crimes and computer-facilitated crimes, the digital forensic process and digital evidence handling must be standardized to ensure that the digital evidence produced is admissible in legal proceedings. The...

Cyber Forensics and Admissibility of Digital Evidence

Cyber Forensics and Admissibility of Digital Evidence by Dr. Swati Mehta* Cite as: (2012) PL January S-23†Section 65-B of the Evidence Act deals with admissibility of electronic records as evidence in the court of law. The computer holding the original evidence does not need to be produced in court. A printout of the record or a copy on a CDROM, hard disk, floppy, etc. can be produced in the ...

SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data

We present an approach and system for real-time reconstruction of attack scenarios on an enterprise host. To meet the scalability and real-time needs of the problem, we develop a platform-neutral, main-memory based, dependency graph abstraction of audit-log data. We then present efficient, tag-based techniques for attack detection and reconstruction, including source identification and impact a...

Voice Spectrography Evidence: Approaches to Admissibility