Abstract

This paper proposes an execution-based formal approach to digital forensic investigation. It models an attack scenario as a sequence of legitimate and malicious actions. Using a library of potential hypotheses, a library of legitimate actions, and a formal description of the system under investigation, our approach rebuilds the attack scenarios in a forward- and backward-chaining manner. During reconstruction, malicious events are generated based on selected hypotheses. The execution graph is produced with enhancements in state representation and hypothesis management. A case study on a compromised FTP server shows how our method performs in practice.
