DocumentCode
2745332
Title
Formal Digital Investigation of Anti-forensic Attacks
Author
Rekhis, Slim ; Boudriga, Noureddine
Author_Institution
Commun. Networks & Security Res. Lab., Univ. of the 7th November, Carthage, Tunisia
fYear
2010
fDate
20-20 May 2010
Firstpage
33
Lastpage
44
Abstract
One of the major interest perceived by research in digital forensic investigation is the development of theoretical and scientifically proven methods of incident analysis. However, two main problems, which remain unsolved by the literature, could lead the formal incident analysis to be inconclusive. The former is related to the absence of techniques to cope with anti-forensic attacks and reconstruction of scenarios when evidences are compromised by these attacks. The latter is related to lack of theoretical techniques, usable during the system preparation (a phase which precedes the occurrence of an incident) to assess whether the evidence to be generated would be sufficient to prove relevant events that occurred on the compromised system in the presence of anti-forensic attacks.The aim of this research is to develop a theoretical technique of digital investigation which copes with anti-forensic attacks. After developing a formal logic-based model which allows to describe complex investigated systems and generated evidences under different levels of abstractions, we extend the concept of Visibility to characterize situations where anti-forensic attacks would be provable and traces regarding actions hidden by these attacks would become identified. A methodology showing the use of Visibility properties during investigation of anti-forensic attacks is described, and a case study, which exemplifies the proposal, is provided.
Keywords
computer forensics; formal logic; formal verification; antiforensic attack; digital forensic investigation; formal incident analysis; formal logic; Character generation; Communication networks; Communication system security; Computer hacking; Data security; Digital forensics; Event detection; Information analysis; Information security; Proposals; depiction forensic fonts; digital forensics; visualization;
fLanguage
English
Publisher
ieee
Conference_Titel
Systematic Approaches to Digital Forensic Engineering (SADFE), 2010 Fifth IEEE International Workshop on
Conference_Location
Oakland, CA
Print_ISBN
978-0-7695-4052-8
Type
conf
DOI
10.1109/SADFE.2010.9
Filename
5491959
Link To Document