Unifying computer forensics modeling approaches: a software engineering perspective

In an effort to introduce formalism into computer forensics, researchers have presented various modeling techniques for planning, analyzing, and documenting forensics activities. These modeling techniques provide representations of various forensics subjects such as investigative processes, chains of events, and evidence tests. From a software engineering perspective, it seems that several of these computer forensics modeling approaches may be unified to create a more complete, multi-view modeling methodology for examination planning and analysis. This paper proposes a core set of modeling views for a unified computer forensics modeling methodology: the investigative process view, the case domain view, and the evidence view. An example email threat case scenario is used as the context for a multi-view modeling example.
