Computer forensics in forensis

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Computer forensics in forensis

Full text

Pdf (442 KB)

Source

ACM SIGOPS Operating Systems Review archive
Volume 42 , Issue 3 (April 2008) table of contents

FEATURE: Computer forensics table of contents

Pages 112-122

Year of Publication: 2008

ISSN:0163-5980

Authors

Sean Peisert	University of California, Davis, CA
Matt Bishop	University of California, Davis, CA
Keith Marzullo	University of California, La Jolla, CA

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 56, Downloads (12 Months): 422, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1368506.1368521 What is a DOI?

ABSTRACT

Different users apply computer forensic systems, models, and terminology in very different ways. They often make incompatible assumptions and reach different conclusions about the validity and accuracy of the methods they use to log, audit, and present forensic data. In fact, it can be hard to say who, if anyone is right. We present several forensic systems and discuss situations in which they produce valid and accurate conclusions and also situations in which their accuracy is suspect. We also present forensic models and discuss areas in which they are useful and areas in which they could be augmented. Finally, we present some recommendations about how computer scientists, forensic practitioners, lawyers, and judges could build more complete models of forensics that take into account appropriate legal details and lead to scientifically valid forensic analysis.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	New Oxford American Dictionary. Second edition.
	2	R. Abdulrahim. Results of Goshen school vote on $70M bond are lost forever. Times Herald-Record, December 6 2007.
	3	E. Allman. Personal conversations, January 2005.
	4	J. P. Anderson. Computer Security Threat Monitoring and Surveillance. Technical report, James P. Anderson Co., Fort Washington, PA, April 1980.
	5	Michael W. Andrew, Defining a Process Model for Forensic Analysis of Digital Devices and Storage Media, Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering, p.16-30, April 10-12, 2007 [doi>10.1109/SADFE.2007.8]
	6	M. Bishop. A Model of Security Monitoring. In Proceedings of the Fifth Annual Computer Security Applications Conference (ACSAC), pages 46--52, Tucson, AZ, December 1989.
	7	M. Bishop. Computer Security: Art and Science. Addison-Wesley Professional, Boston, MA, 2003.
	8	Matt Bishop , David Wagner, Risks of e-voting, Communications of the ACM, v.50 n.11, November 2007 [doi>10.1145/1297797.1297827]
	9	M. Bishop et al. UC Red Team Report of California Secretary of State Top-to-Bottom Voting Systems Review, 2007.
	10	D. Bonyun. The Role of a Well-Defined Auditing Process in the Enforcement of Privacy and Data Security. In Proceedings of the 1980 IEEE Symposium on Security and Privacy, 1980.
	11	Florian Buchholz , Eugene H. Spafford, Pervasive binding of labels to system processes, Purdue University, West Lafayette, IN, 2005
	12	Florian P. Buchholz , Clay Shields, Providing process origin information to aid in computer forensic investigations, Journal of Computer Security, v.12 n.5, p.753-776, September 2004
	13	Brian Carrier, File System Forensic Analysis, Addison-Wesley Professional, 2005
	14	B. Carrier and E. H. Spafford. Getting Physical with the Digital Investigation Process. International Journal of Digital Evidence, 2(2), Fall 2003.
	15	Brian D. Carrier , Eugene H. Spafford, A hypothesis-based approach to digital forensic investigations, Purdue University, West Lafayette, IN, 2006
	16	A. L. Cowan. Teacher Faces Jail Over Pornography on Class Computer. New York Times, February 14 2007.
	17	George W. Dunlap , Samuel T. King , Sukru Cinar , Murtaza A. Basrai , Peter M. Chen, ReVirt: enabling intrusion analysis through virtual-machine logging and replay, Proceedings of the 5th symposium on Operating systems design and implementation Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading , December 09-11, 2002, Boston, Massachusetts [doi>10.1145/1060289.1060309]
	18	M. W. Eichin and J. A. Rochlis. With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988. In Proceedings of the 1989 IEEE Symposium on Security and Privacy, Oakland, CA, 1989.
	19	Barbara E. Endicott-Popovsky , J. D. Fluckiger , Deborah A. Frincke, Establishing Tap Reliability in Expert Witness Testimony: Using Scenarios to Identify Calibration Needs, Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering, p.131-146, April 10-12, 2007 [doi>10.1109/SADFE.2007.10]
	20	Dan Farmer , Wietse Venema, Forensic Discovery, Addison Wesley Professional, 2004
	21	Ryan Gardner , Sujata Garera , Aviel D. Rubin, On the difficulty of validating voting machine software with software, Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology, p.11-11, August 06, 2007, Boston, MA
	22	Andrew Harrison Gross, Analyzing computer intrusions, University of California at San Diego, La Jolla, CA, 1998
	23	Peter Gutmann, Data remanence in semiconductor devices, Proceedings of the 10th conference on USENIX Security Symposium, p.4-4, August 13-17, 2001, Washington, D.C.
	24	D. Hayes (quoting Scott C. Williams, supervisory special agent for the FBI's computer analysis and response team in Kansas City). KC to join high-tech fight against high-tech crimes: FBI to open $2 million center here. Kansas City Star, page A1, April 26 2002.
	25	Steven A. Hofmeyr , Stephanie Forrest , Anil Somayaji, Intrusion detection using sequences of system calls, Journal of Computer Security, v.6 n.3, p.151-180, August 1998
	26	E. Kenneally. Computer Forensics Beyond the Buzzword. ;login:, 27(4):8--11, August 2002.
	27	Gene H. Kim , Eugene H. Spafford, The design and implementation of tripwire: a file system integrity checker, Proceedings of the 2nd ACM Conference on Computer and communications security, p.18-29, November 1994, Fairfax, Virginia, United States [doi>10.1145/191177.191183]
	28	Samuel T. King , Peter M. Chen, Backtracking intrusions, ACM Transactions on Computer Systems (TOCS), v.23 n.1, p.51-76, February 2005 [doi>10.1145/1047915.1047918]
	29	S. T. King, Z. M. Mao, D. G. Lucchetti, and P. M. Chen. Enriching Intrusion Alerts Through Multi-Host Causality. In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS), 2005.
	30	Tadayoshi Kohno , Andre Broido , K. C. Claffy, Remote Physical Device Fingerprinting, IEEE Transactions on Dependable and Secure Computing, v.2 n.2, p.93-108, April 2005 [doi>10.1109/TDSC.2005.26]
	31	T. Kohno, A. Stubblefield, A. D. Rubin, and D. S. Wallach. Analysis of an Electronic Voting System. In Proceedings of the 2004 IEEE Symposium on Security and Privacy, pages 27--40, 2004.
	32	Benjamin A. Kuperman , Eugene H. Spafford, A categorization of computer security monitoring systems and the impact on the design of audit sources, Purdue University, West Lafayette, IN, 2004
	33	U. Lindqvist , P. Porras, eXpert-BSM: A Host-Based Intrusion Detection Solution for Sun Solaris, Proceedings of the 17th Annual Computer Security Applications Conference, p.240, December 10-14, 2001
	34	Martin Littlefield (Assistant U.S. Attorney, WDNY). Emerging Legal and Forensic Issues for Computer Scientists Teaching Digital Forensics and Information Assurance: The Import of United States v. Garnier. Digital Forensics Working Group 2007 Workshop, June 2007.
	35	Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory, ACM Transactions on Information and System Security (TISSEC), v.3 n.4, p.262-294, Nov. 2000 [doi>10.1145/382912.382923]
	36	Satish Narayanasamy , Gilles Pokam , Brad Calder, BugNet: Continuously Recording Program Execution for Deterministic Replay Debugging, Proceedings of the 32nd annual international symposium on Computer Architecture, p.284-295, June 04-08, 2005
	37	National Institute of Standards and Technology (NIST). Computer forensic tool testing program. http://www.cftt.nist.gov/.
	38	National Institute of Standards and Technology (NIST). Deleted File Recovery Specifications Draft Report. http://www.cftt.nist.gov/DFR-Specification-SC.pdf, January 19 2005.
	39	W. Osser and A. Noordergraaf. Auditing in the Solaris Operating Environment. Sun Microsystems, Inc., February 2001.
	40	S. Peisert. Forensics for System Administrators. ;login:, 30(4):34--42, August 2005.
	41	S. Peisert and M. Bishop. How to Design Computer Security Experiments. In Proceedings of the Fifth World Conference on Information Security Education (WISE), pages 141--148, West Point, NY, June 2007.
	42	Sean Peisert , Matt Bishop, I Am a Scientist, Not a Philosopher!, IEEE Security and Privacy, v.5 n.4, p.48-51, July 2007 [doi>10.1109/MSP.2007.84]
	43	Sean Peisert , Sidney Karin , Matt Bishop , Keith Marzullo, Principles-driven forensic analysis, Proceedings of the 2005 workshop on New security paradigms, September 20-23, 2005, Lake Arrowhead, California [doi>10.1145/1146269.1146291]
	44	Sean Peisert , Matt Bishop , Sidney Karin , Keith Marzullo, Analysis of Computer Intrusions Using Sequences of Function Calls, IEEE Transactions on Dependable and Secure Computing, v.4 n.2, p.137-150, April 2007 [doi>10.1109/TDSC.2007.1003]
	45	Sean Peisert , Matt Bishop , Sidney Karin , Keith Marzullo, Toward Models for Forensic Analysis, Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering, p.3-15, April 10-12, 2007 [doi>10.1109/SADFE.2007.23]
	46	Sean Philip Peisert , Sidney Karin, A model of forensic analysis using goal-oriented logging, University of California at San Diego, La Jolla, CA, 2007
	47	Mark M. Pollitt, An Ad Hoc Review of Digital Forensic Models, Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering, p.43-54, April 10-12, 2007 [doi>10.1109/SADFE.2007.3]
	48	Fred B. Schneider, Enforceable security policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.1, p.30-50, Feb. 2000 [doi>10.1145/353323.353382]
	49	Bruce Schneier , John Kelsey, Secure audit logs to support computer forensics, ACM Transactions on Information and System Security (TISSEC), v.2 n.2, p.159-176, May 1999 [doi>10.1145/317087.317089]
	50	Sriranjani Sitaraman , S. Venkatesan, Forensic Analysis of File System Intrusions Using Improved Backtracking, Proceedings of the Third IEEE International Workshop on Information Assurance, p.154-163, March 23-24, 2005 [doi>10.1109/IWIA.2005.9]
	51	Fred Chris Smith , Rebecca Gurley Bace, A Guide to Forensic Testimony: The Art and Practice of Presenting Testimony As An Expert Technical Witness, Pearson Education, 2002
	52	P. Sommer. Intrusion Detection Systems as Evidence. In Proceedings of the First International Workshop on Recent Advances in Intrusion Detection (RAID), 1998.
	53	E. H. Spafford and S. A. Weeber. Software forensics: Can we track code to its authors? Technical Report CSD-TR 92--010, Department of Computer Science, Purdue University, 1992.
	54	Tye Stallard , Karl Levitt, Automated Analysis for Digital Forensic Science: Semantic Integrity Checking, Proceedings of the 19th Annual Computer Security Applications Conference, p.160, December 08-12, 2003
	55	P. Stephenson. The Application of Intrusion Detection Systems in a Forensic Environment (extended abstract). In The Third International Workshop on Recent Advances in Intrusion Detection (RAID), 2000.
	56	Kymie M. C. Tan , Roy A. Maxion, "Why 6?" Defining the Operational Limits of Stide, an Anomaly-Based Intrusion Detector, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.188, May 12-15, 2002
	57	Ken Thompson, Reflections on trusting trust, Communications of the ACM, v.27 n.8, p.761-763, Aug 1984 [doi>10.1145/358198.358210]
	58	W. Venema. TCP WRAPPER: Network monitoring, access control, and booby traps. In Proceedings of the 3rd USENIX Security Symposium, September 1992.
	59	E. J. Wagner. The Science of Sherlock Holmes. Wiley, 2006.
	60	J. Wildermuth. Secretary of state casts doubt on future of electronic voting. San Francisco Chronicle, pages C--7, December 2 2007.
	61	A. Yasinsac, D. Wagner, M. Bishop, T. Baker, B. de Medeiros, G. Tyson, M. Shamos, and M. Burmester. Software Review and Security Analysis of the ES&S iVotronic 8.0.1.2 Voting Machine Firmware: Final Report For the Florida Department of State. Security and Assurance in Information Technology Laboratory, Florida State University, Tallahassee, Florida, February 23 2007.
	62	K. J. Ziese. Computer based forensics -- a case study -- U.S. support to the U.N. In Proceedings of CMAD IV: Computer Misuse and Anomaly Detection, 1996.