System Support for Forensic Inference

  • Ashish Gehani
  • Florent Kirchner
  • Natarajan Shankar
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 306)


Digital evidence is playing an increasingly important role in prosecuting crimes. The reasons are manifold: financially lucrative targets are now connected online, systems are so complex that vulnerabilities abound, and strong digital identities are being adopted, making audit trails more useful. If the discoveries of forensic analysts are to hold up to scrutiny in court, they must meet the standard for scientific evidence. Software systems are currently developed without consideration of this fact. This paper argues for the development of a formal framework for constructing “digital artifacts” that can serve as proxies for physical evidence; a system so imbued would facilitate sound digital forensic inference. A case study involving a filesystem augmentation that provides transparent support for forensic inference is described.


Keywords: Automated analysis, evidence generation, intuitionistic logic



Copyright information

© IFIP International Federation for Information Processing 2009
