Formalising Event Reconstruction in Digital Investigations

Pavel Gladyshev, Ph.D. dissertation, 2004

Summary

This dissertation investigates the theory and practice of event reconstruction in digital investigations. The main outcome of this work is a formalisation of event reconstruction in terms of state machine model of computation. This formalisation is validated through the development of a generic event reconstruction algorithm and its application to sample event reconstruction problems.

Frontmatter

1. Introduction
2. Legal view of digital evidence
3. Concepts of digital forensics
4. The need for a theory of event reconstruction
5. Theoretical background
6. Formalisation of event reconstruction problem
7. Event reconstruction algorithm
8. Evaluation
9. Conclusions and future work

Bibliography

Appendices

A. Selected ACL2 functions and macros
B. Prefix based representation of computation sets
C. Source code
D. Evidence of publication

Last updated 27/03/2020

Formalising Event Reconstruction in Digital Investigations

Summary

Contents