University of Limerick
Browse

Self-forensics through case studies of small-to-medium software systems.

Download (327.36 kB)
conference contribution
posted on 2012-03-12, 10:34 authored by Serguei A. Mokhov, Emil VassevEmil Vassev
The notion and definition of self-forensics was introduced by Mokhov to encompass software and hardware capabilities for autonomic and other systems to record their own states, events, and others encoded in a forensic form suitable for (potentially automated) forensic analysis, evidence modeling and specification, and event reconstruction for various system components. For self-forensics, “self-dissection” is possible for analysis using a standard language and decision making if the system includes such a self-forensic subsystem. The self-forensic evidence is encoded in a cyberforensic investigation case and event reconstruction language, Forensic Lucid. The encoding of the stories depicted by the evidence comprise a context as a first-class value of a Forensic Lucid “program”, after which an investigator models the case describing relationships between various events and pieces of information. It is important to get the context right for the case to have a meaning and the proper meaning computation, so we perform case studies of some small-to-medium, distributed and not, primarily academic open-source software systems. In this work, for the purpose of implementation of the small self-forensic modules for the data structures and event flow, we specify the requirements of what the context should be for those systems. The systems share in common the base programming language – Java, so our self-forensic logging of the Java data structures and events as Forensic Lucid context specification expressions is laid out ready for an investigator to examine and model the case.

Funding

The Role of Pathogen-Environment Interactions in the Pandemic Potential of Influenza

National Institute of Allergy and Infectious Diseases

Find out more...

A new method for transforming data to normality with application to density estimation

National Research Foundation

Find out more...

History

Publication

Proceedings of the 5th International Conference on IT Security Incident Management and IT Forensics;09/2009

Publisher

IEEE Computer Society

Note

peer-reviewed

Other Funding information

NSERC, IRCSET, SFI

Rights

“© 2009 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Language

English

Usage metrics

    University of Limerick

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC