Finite state machine approach to digital event reconstruction
نویسندگان
چکیده
This paper presents a rigorous method for reconstructing events in digital systems. It is based on the idea, that once the system is described as a finite state machine, its state space can be explored to determine all possible scenarios of the incident. To formalize evidence, the evidential statement notation is introduced. It represents the facts conveyed by the evidence as a series of witness stories that restrict possible computations of the finite state machine. To automate event reconstruction, a generic event reconstruction algorithm is proposed. It computes the set of all possible explanations for the given evidential statement with respect to the given finite state machine.
منابع مشابه
Analysis of Evidence Using Formal Event Reconstruction
This paper expands upon the finite state machine approach for the formal analysis of digital evidence. The proposed method may be used to support the feasibility of a given statement by testing it against a relevant system model. To achieve this, a novel method for modeling the system and evidential statements is given. The method is then examined in a case study example.
متن کاملRestricted cascade and wreath products of fuzzy finite switchboard state machines
A finite switchboard state machine is a specialized finite state machine. It is built by binding the concepts of switching state machines and commutative state machines. The main purpose of this paper is to give a specific algorithm for fuzzy finite switchboard state machine and also, investigates the concepts of switching relation, covering, restricted cascade products and wreath products of f...
متن کاملDigital Pulse Processing
This thesis develops an exact approach for processing pulse signals from an integrateand-fire system directly in the time-domain. Processing is deterministic and built from simple asynchronous finite-state machines that can perform general piecewise-linear operations. The pulses can then be converted back into an analog or fixed-point digital representation through a filter-based reconstruction...
متن کاملFinite State Machine Analysis of a Blackmail Investigation
This paper gives informal introduction into the finite state machine approach to analysis of digital evidence and explores its use as a defence tool – for finding weaknesses in the forensic analysis performed by the opposing party. The key concepts of the finite state machine approach are reviewed, and an example analysis of a published case study is performed. It is shown how the described app...
متن کاملTowards Automated Forensic Event Reconstruction of Malicious Code (Poster Abstract)
A call for formalizing digital forensic investigations has been proposed by academics and practitioners alike [1, 2]. Many currently proposed methods of malware analysis for forensic investigation purposes, however, are derived based on the investigators’ practical experience. This paper presents a formal approach for reconstructing the activities of a malicious executable found in a victim’s s...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Digital Investigation
دوره 1 شماره
صفحات -
تاریخ انتشار 2004