
On Evidence Preservation Requirements for Forensic-Ready Systems

Alrajeh, Dalal; Pasquale, Liliana and Nuseibeh, Bashar (2017). On Evidence Preservation Requirements for Forensic-Ready Systems. In: ESEC/FSE 2017 Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, September 4–8, 2017, Paderborn, Germany, pp. 559–569.

Full text available as:
PDF (Accepted Manuscript)
DOI (Digital Object Identifier) Link: https://doi.org/10.1145/3106237.3106308

Abstract

Forensic readiness denotes the capability of a system to support digital forensic investigations of potential, known incidents by preserving in advance data that could serve as evidence explaining how an incident occurred. Given the increasing rate at which (potentially criminal) incidents occur, designing software systems that are forensic-ready can facilitate and reduce the costs of digital forensic investigations. However, to date, little or no attention has been given to how forensic-ready software systems can be designed systematically. In this paper we propose to explicitly represent evidence preservation requirements prescribing preservation of the minimal amount of data that would be relevant to a future digital investigation. We formalise evidence preservation requirements and propose an approach for synthesising specifications for systems to meet these requirements. We present our prototype implementation—based on a satisfiability solver and a logic-based learner—which we use to evaluate our approach, applying it to two digital forensic corpora. Our evaluation suggests that our approach preserves relevant data that could support hypotheses of potential incidents. Moreover, it enables significant reduction in the volume of data that would need to be examined during an investigation.

Item Type: Conference or Workshop Item
Copyright Holders: 2017 ACM
Keywords: Forensic-ready systems, requirements, specification synthesis
Academic Unit/School: Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications; Faculty of Science, Technology, Engineering and Mathematics (STEM)
Research Group: Centre for Research in Computing (CRC); International Development & Inclusive Innovation
Item ID: 50894
Depositing User: Sandra Miller
Date Deposited: 22 Sep 2017 15:24
Last Modified: 20 Dec 2017 16:53
URI: http://oro.open.ac.uk/id/eprint/50894