It is possible to enhance our understanding of what has happened on a computer system by using forensic techniques that do not require prediction of the nature of the attack, the skill of the attacker, or the details of the system resources or objects affected. These techniques address five fundamental principles of computer forensics. These principles include recording data about the entire operating system, particularly user space events and environments, and interpreting events at different layers of abstraction, aided by the context in which they occurred. They also deal with modeling the recorded data as a multi-resolution, finite state machine so that results can be established to a high degree of certainty rather than merely inferred. © 2006 ACM.
CITATION STYLE
Peisert, S., Bishop, M., Karin, S., & Marzullo, K. (2006). Principles-driven forensic analysis. In Proceedings New Security Paradigms Workshop (Vol. 2006, pp. 85–93). https://doi.org/10.1145/1146269.1146291
Mendeley helps you to discover research relevant for your work.