Building forensics in: supporting the investigation of digital criminal activities (invited talk)

Proceedings of the 1st ACM SIGSOFT International Workshop on Software Engineering and Digital Forensics Pub Date : 2017-09-04 DOI:10.1145/3121252.3127582

L. Williams

{"title":"Building forensics in: supporting the investigation of digital criminal activities (invited talk)","authors":"L. Williams","doi":"10.1145/3121252.3127582","DOIUrl":null,"url":null,"abstract":"Logging mechanisms that capture detailed traces of user activity, including creating, reading, updating, and deleting (CRUD) data, facilitate meaningful forensic analysis following a security or privacy breach. However, software requirements often inadequately and inconsistently state 'what' user actions should be logged, thus hindering meaningful forensic analysis. In this talk, we will explore a variety of techniques for building a software system that supports forensic analysis. We will discuss systematic heuristics-driven and patterns-driven processes for identifying log events that must be logged based on user actions and potential accidental and malicious use, as described in natural language software artifacts. We then discuss systematic process for creating a black-box test suite for verifying the identified log events are logged. Using the results of executing the black-box test suite, we propose and evaluate a security metric for measuring the forensic-ability of user activity logs.","PeriodicalId":252458,"journal":{"name":"Proceedings of the 1st ACM SIGSOFT International Workshop on Software Engineering and Digital Forensics","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-09-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 1st ACM SIGSOFT International Workshop on Software Engineering and Digital Forensics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3121252.3127582","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Logging mechanisms that capture detailed traces of user activity, including creating, reading, updating, and deleting (CRUD) data, facilitate meaningful forensic analysis following a security or privacy breach. However, software requirements often inadequately and inconsistently state 'what' user actions should be logged, thus hindering meaningful forensic analysis. In this talk, we will explore a variety of techniques for building a software system that supports forensic analysis. We will discuss systematic heuristics-driven and patterns-driven processes for identifying log events that must be logged based on user actions and potential accidental and malicious use, as described in natural language software artifacts. We then discuss systematic process for creating a black-box test suite for verifying the identified log events are logged. Using the results of executing the black-box test suite, we propose and evaluate a security metric for measuring the forensic-ability of user activity logs.

查看原文本刊更多论文

建立法医学:支持数码犯罪活动的调查(特邀演讲)

记录机制捕获用户活动的详细跟踪，包括创建、读取、更新和删除(CRUD)数据，有助于在安全或隐私泄露之后进行有意义的取证分析。然而，软件需求经常不充分和不一致地说明“什么”用户操作应该被记录，从而阻碍了有意义的取证分析。在这次演讲中，我们将探讨构建支持法医分析的软件系统的各种技术。我们将讨论系统的启发式驱动和模式驱动的过程，用于识别必须根据用户操作和潜在的意外和恶意使用记录的日志事件，如自然语言软件工件中所述。然后我们讨论创建黑盒测试套件的系统过程，以验证已识别的日志事件被记录下来。使用执行黑盒测试套件的结果，我们提出并评估了用于度量用户活动日志取证能力的安全度量。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 1st ACM SIGSOFT International Workshop on Software Engineering and Digital Forensics

自引率

0.00%

发文量