{"title":"建立法医学:支持数码犯罪活动的调查(特邀演讲)","authors":"L. Williams","doi":"10.1145/3121252.3127582","DOIUrl":null,"url":null,"abstract":"Logging mechanisms that capture detailed traces of user activity, including creating, reading, updating, and deleting (CRUD) data, facilitate meaningful forensic analysis following a security or privacy breach. However, software requirements often inadequately and inconsistently state 'what' user actions should be logged, thus hindering meaningful forensic analysis. In this talk, we will explore a variety of techniques for building a software system that supports forensic analysis. We will discuss systematic heuristics-driven and patterns-driven processes for identifying log events that must be logged based on user actions and potential accidental and malicious use, as described in natural language software artifacts. We then discuss systematic process for creating a black-box test suite for verifying the identified log events are logged. Using the results of executing the black-box test suite, we propose and evaluate a security metric for measuring the forensic-ability of user activity logs.","PeriodicalId":252458,"journal":{"name":"Proceedings of the 1st ACM SIGSOFT International Workshop on Software Engineering and Digital Forensics","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-09-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Building forensics in: supporting the investigation of digital criminal activities (invited talk)\",\"authors\":\"L. Williams\",\"doi\":\"10.1145/3121252.3127582\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Logging mechanisms that capture detailed traces of user activity, including creating, reading, updating, and deleting (CRUD) data, facilitate meaningful forensic analysis following a security or privacy breach. However, software requirements often inadequately and inconsistently state 'what' user actions should be logged, thus hindering meaningful forensic analysis. In this talk, we will explore a variety of techniques for building a software system that supports forensic analysis. We will discuss systematic heuristics-driven and patterns-driven processes for identifying log events that must be logged based on user actions and potential accidental and malicious use, as described in natural language software artifacts. We then discuss systematic process for creating a black-box test suite for verifying the identified log events are logged. Using the results of executing the black-box test suite, we propose and evaluate a security metric for measuring the forensic-ability of user activity logs.\",\"PeriodicalId\":252458,\"journal\":{\"name\":\"Proceedings of the 1st ACM SIGSOFT International Workshop on Software Engineering and Digital Forensics\",\"volume\":\"11 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-09-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 1st ACM SIGSOFT International Workshop on Software Engineering and Digital Forensics\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3121252.3127582\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 1st ACM SIGSOFT International Workshop on Software Engineering and Digital Forensics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3121252.3127582","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Building forensics in: supporting the investigation of digital criminal activities (invited talk)
Logging mechanisms that capture detailed traces of user activity, including creating, reading, updating, and deleting (CRUD) data, facilitate meaningful forensic analysis following a security or privacy breach. However, software requirements often inadequately and inconsistently state 'what' user actions should be logged, thus hindering meaningful forensic analysis. In this talk, we will explore a variety of techniques for building a software system that supports forensic analysis. We will discuss systematic heuristics-driven and patterns-driven processes for identifying log events that must be logged based on user actions and potential accidental and malicious use, as described in natural language software artifacts. We then discuss systematic process for creating a black-box test suite for verifying the identified log events are logged. Using the results of executing the black-box test suite, we propose and evaluate a security metric for measuring the forensic-ability of user activity logs.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
