Finite state machine approach to digital event reconstruction

Pavel Gladyshev, Ahmed Patel

Research output: Contribution to journal, Article

70 Citations (Scopus)

Abstract

This paper presents a rigorous method for reconstructing events in digital systems. It is based on the idea that once the system is described as a finite state machine, its state space can be explored to determine all possible scenarios of the incident. To formalize evidence, the evidential statement notation is introduced. It represents the facts conveyed by the evidence as a series of witness stories that restrict possible computations of the finite state machine. To automate event reconstruction, a generic event reconstruction algorithm is proposed. It computes the set of all possible explanations for the given evidential statement with respect to the given finite state machine.

Original language: English
Pages (from-to): 130-149
Number of pages: 20
Journal: Digital Investigation
Volume: 1
Issue number: 2
DOI: 10.1016/j.diin.2004.03.001
Publication status: Published - Jun 2004
Externally published: Yes

Keywords

  • Algorithm
  • Digital
  • Event
  • Forensics
  • Reconstruction
  • State machine

ASJC Scopus subject areas

  • Computer Science (miscellaneous)
  • Law
  • Engineering (miscellaneous)

Cite this

Finite state machine approach to digital event reconstruction. / Gladyshev, Pavel; Patel, Ahmed.

In: Digital Investigation, Vol. 1, No. 2, 06.2004, p. 130-149.

@article{f0949874b0294ae787b0e2284618beb6,
title = "Finite state machine approach to digital event reconstruction",
abstract = "This paper presents a rigorous method for reconstructing events in digital systems. It is based on the idea, that once the system is described as a finite state machine, its state space can be explored to determine all possible scenarios of the incident. To formalize evidence, the evidential statement notation is introduced. It represents the facts conveyed by the evidence as a series of witness stories that restrict possible computations of the finite state machine. To automate event reconstruction, a generic event reconstruction algorithm is proposed. It computes the set of all possible explanations for the given evidential statement with respect to the given finite state machine.",
keywords = "Algorithm, Digital, Event, Forensics, Reconstruction, State machine",
author = "Pavel Gladyshev and Ahmed Patel",
year = "2004",
month = "6",
doi = "10.1016/j.diin.2004.03.001",
language = "English",
volume = "1",
pages = "130--149",
journal = "Digital Investigation",
issn = "1742-2876",
publisher = "Elsevier Limited",
number = "2",

}
