Abstract
Developing a goal-oriented model for digital forensic evidence is critical because the reconstructed scenarios help forensic analysts not only understand the steps taken by threat actors, but also present digital evidence in ways that are understandable in a court of law. In this paper, we propose a goal-oriented approach to reconstruct attack scenarios based on a forensic evidence acquisition model. We first build the model, from which digital forensic examiners can trace and collect forensic evidence, then formalize the graph and evaluate the semantics based on the evidence found on digital devices and their supporting environments. Finally, we apply the model to a typical scenario based on the semantics of the model. Our preliminary results show that our model can give any practitioner or investigator formal instructions to gather and rebuild the evidence in a simulated or real-world environment.