A Formal Model for Forensic Storage Media Preparation Tools

Benjamin Aziz, Philippe Massonet, Christophe Ponsard

2014

Abstract

This paper defines a model of a special type of digital forensics tool, known as digital media preparation forensic tools, using the formal refinement language Event-B. The complexity and criticality of many types of computer crime and cybercrime nowadays, combined with improper or incorrect use of digital forensic tools, call for the evidence produced by such tools to meet the minimum admissibility standards the legal system requires, which in general implies that it must be generated by reliable and robust tools. Although some research and effort has been spent on validating digital media preparation forensic tools by means of testing (e.g. within NIST), the verification of such tools and the formal specification of their expected behaviour remain largely under-researched. The goal of this work is to provide a formal specification against which the implementations of such tools can be analysed and tested in the future.



Paper Citation


in Harvard Style

Aziz B., Massonet P. and Ponsard C. (2014). A Formal Model for Forensic Storage Media Preparation Tools. In Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014) ISBN 978-989-758-045-1, pages 165-170. DOI: 10.5220/0004996001650170


in Bibtex Style

@conference{secrypt14,
author={Benjamin Aziz and Philippe Massonet and Christophe Ponsard},
title={A Formal Model for Forensic Storage Media Preparation Tools},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},
year={2014},
pages={165-170},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004996001650170},
isbn={978-989-758-045-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI - A Formal Model for Forensic Storage Media Preparation Tools
SN - 978-989-758-045-1
AU - Aziz B.
AU - Massonet P.
AU - Ponsard C.
PY - 2014
SP - 165
EP - 170
DO - 10.5220/0004996001650170