The Mitnick case: How Bayes could have helped

Abstract

Digital forensics seeks to explain how an attack occurred and who perpetrated the attack. The process relies primarily on the investigator's knowledge, skill and experience, and is not easily automated. This paper uses Bayesian networks to model the investigative process, with the goal of automating forensic investigations. The methodology engages digital evidence acquired from compromised systems, knowledge about their configurations and vulnerabilities, and the results of previous investigations. All this information is stored in a database that provides a context for an investigation. The utility of the methodology is illustrated by applying it to the well-known Kevin Mitnick case. © 2006 International Federation for Information Processing.