Paper: Principles-Driven Forensic Analysis


Citation

  • S. Peisert, M. Bishop, S. Karin, and K. Marzullo, “Principles-Driven Forensic Analysis,” Proceedings of the 2005 New Security Paradigms Workshop, pp. 85–93 (Sep. 2005).

Abstract

It is possible to enhance our understanding of what has happened on a computer system by using forensic techniques that do not require prediction of the nature of the attack, the skill of the attacker, or the details of the system resources or objects affected. These techniques address five fundamental principles of computer forensics. These principles include recording data about the entire operating system, particularly user space events and environments, and interpreting events at different layers of abstraction, aided by the context in which they occurred. They also deal with modeling the recorded data as a multi-resolution, finite state machine so that results can be established to a high degree of certainty rather than merely inferred.

Copyright Notice

© ACM, 2005. This is the author’s version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in Proceedings of the 2005 Workshop on New Security Paradigms, Sep. 2005, and is available at http://doi.acm.org/10.1145/1146269.1146291.


Last updated on Monday, July 20, 2009 at 10:33:15AM PDT