Sciweavers

ACSAC
2003
IEEE

Automated Analysis for Digital Forensic Science: Semantic Integrity Checking

14 years 5 months ago
Automated Analysis for Digital Forensic Science: Semantic Integrity Checking
When computer security violations are detected, computer forensic analysts attempting to determine the relevant causes and effects are forced to perform the tedious tasks of finding and preserving useful clues in large networks of operational machines. To augment a computer crime investigator’s efforts, the approach presented in this paper is an expert system with a decision tree that uses predetermined invariant relationships between redundant digital objects to detect semantic incongruities. By analyzing data from a host or network and searching for violations of known data relationships, particularly when an attacker is attempting to hide his presence, an attacker’s unauthorized changes may be automatically identified. Examples of such invariant data relationships are provided, as are techniques to identify new, useful ones. By automatically identifying relevant evidence, experts can focus on the relevant files, users, times and other facts first.
Tye Stallard, Karl N. Levitt
Added 04 Jul 2010
Updated 04 Jul 2010
Type Conference
Year 2003
Where ACSAC
Authors Tye Stallard, Karl N. Levitt
Comments (0)