Relating Admissibility Standards for Digital Evidence to Attack Scenario Reconstruction
Attackers tend to use complex techniques such as combining multi-step, multi-stage attacks with anti-forensic tools to make it difficult to find incriminating evidence and reconstruct attack scenarios that can stand up to the expected level of evidence admissibility in a court of law. As a solution,...
Main Authors: | Changwei Liu, Anoop Singhal, Duminda Wijesekera |
---|---|
Format: | Article |
Language: | English |
Published: | Association of Digital Forensics, Security and Law, 2014-09-01 |
Series: | Journal of Digital Forensics, Security and Law |
Online Access: | http://ojs.jdfsl.org/index.php/jdfsl/article/view/278 |
_version_ | 1828472675905830912 |
---|---|
author | Changwei Liu Anoop Singhal Duminda Wijesekera |
collection | DOAJ |
description | Attackers tend to use complex techniques such as combining multi-step, multi-stage attacks with anti-forensic tools to make it difficult to find incriminating evidence and reconstruct attack scenarios that can stand up to the expected level of evidence admissibility in a court of law. As a solution, we propose to integrate the legal aspects of evidence correlation into a Prolog-based reasoner to address the admissibility requirements by creating the most probable attack scenarios that satisfy admissibility standards for substantiating evidence. Using a prototype implementation, we show how evidence extracted by using forensic tools can be integrated with legal reasoning to reconstruct network attack scenarios. Our experiment shows that this implemented reasoner can provide a pre-estimate of admissibility for a digital crime against an attacked network. |
first_indexed | 2024-12-11T05:33:17Z |
id | doaj.art-505f11734dd24ad6a821c7e5253941ac |
institution | Directory Open Access Journal |
issn | 1558-7215 1558-7223 |
last_indexed | 2024-12-11T05:33:17Z |