DocumentCode :
2415600
Title :
Automated analysis for digital forensic science: semantic integrity checking
Author :
Stallard, Tye ; Levitt, Karl
Author_Institution :
Dept. of Comput. Sci., California Univ., Davis, CA, USA
fYear :
2003
fDate :
8-12 Dec. 2003
Firstpage :
160
Lastpage :
167
Abstract :
When computer security violations are detected, computer forensic analysts attempting to determine the relevant causes and effects are forced to perform the tedious tasks of finding and preserving useful clues in large networks of operational machines. To augment a computer crime investigator's efforts, we present an expert system with a decision tree that uses predetermined invariant relationships between redundant digital objects to detect semantic incongruities. By analyzing data from a host or network and searching for violations of known data relationships, particularly when an attacker is attempting to hide his presence, an attacker's unauthorized changes may be automatically identified. Examples of such invariant data relationships are provided, as are techniques to identify new, useful ones. By automatically identifying relevant evidence, experts can focus on the relevant files, users, times and other facts first.
Keywords :
authorisation; computer crime; data integrity; decision trees; expert systems; automated analysis; computer crime investigator; computer forensic analyst; computer security; decision tree; digital forensic science; expert system; predetermined invariant relationship; redundant digital object; semantic integrity checking; Cause effect analysis; Computer crime; Computer networks; Computer security; Data analysis; Decision trees; Digital forensics; Expert systems; Object detection; Performance analysis;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Security Applications Conference, 2003. Proceedings. 19th Annual
Print_ISBN :
0-7695-2041-3
Type :
conf
DOI :
10.1109/CSAC.2003.1254321
Filename :
1254321