The University of Southampton
University of Southampton Institutional Repository

A formal approach to analyzing cyber-forensics evidence


Karafili, Erisa, Cristani, Matteo and Viganò, Luca (2018) A formal approach to analyzing cyber-forensics evidence. Lopez, Javier, Zhou, Jianying and Soriano, Miguel (eds.) In Computer Security: ESORICS 2018. Springer. pp. 281-301. (doi:10.1007/978-3-319-99073-6_14).

Record type: Conference or Workshop Item (Paper)

Abstract

The frequency and harmfulness of cyber-attacks are increasing every day, and with them also the amount of data that the cyber-forensics analysts need to collect and analyze. In this paper, we propose a formal analysis process that allows an analyst to filter the enormous amount of evidence collected and either identify crucial information about the attack (e.g., when it occurred, its culprit, its target) or, at the very least, perform a pre-analysis to reduce the complexity of the problem in order to then draw conclusions more swiftly and efficiently. We introduce the Evidence Logic EL for representing simple and derived pieces of evidence from different sources. We propose a procedure, based on monotonic reasoning, that rewrites the pieces of evidence with the use of tableau rules, based on relations of trust between sources and the reasoning behind the derived evidence, and yields a consistent set of pieces of evidence. As proof of concept, we apply our analysis process to a concrete cyber-forensics case study.


More information

Accepted/In Press date: 1 April 2016
e-pub ahead of print date: 8 August 2018
Published date: 8 August 2018

Identifiers

Local EPrints ID: 438976
URI: http://eprints.soton.ac.uk/id/eprint/438976
ISSN: 0302-9743
PURE UUID: 20bf2b10-3484-4962-bb4a-93903f8dd2f6
ORCID for Erisa Karafili: orcid.org/0000-0002-8250-4389

Catalogue record

Date deposited: 30 Mar 2020 16:31
Last modified: 17 Mar 2024 03:59

Contributors

Author: Erisa Karafili
Author: Matteo Cristani
Author: Luca Viganò
Editor: Javier Lopez
Editor: Jianying Zhou
Editor: Miguel Soriano
