Principles-driven forensic analysis


Abstract

It is possible to enhance our understanding of what has happened on a computer system by using forensic techniques that do not require prediction of the nature of the attack, the skill of the attacker, or the details of the system resources or objects affected. These techniques address five fundamental principles of computer forensics. These principles include recording data about the entire operating system, particularly user space events and environments, and interpreting events at different layers of abstraction, aided by the context in which they occurred. They also deal with modeling the recorded data as a multi-resolution, finite state machine so that results can be established to a high degree of certainty rather than merely inferred.
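The abstract's last two points (interpreting recorded events at more than one layer of abstraction, and modelling the record as a finite state machine so that a conclusion is either established by the record or merely inferred across a gap) can be made concrete with a small replay model. The following is an added illustration, not the authors' tool or any code from the paper: the event format, the state names, the transition table and the sample logs are all assumptions constructed for the example.

```python
"""Toy multi-resolution finite-state model over a recorded event log.

Added illustration of the idea in the abstract; not the paper's implementation.
The event format, state names, transition table and sample logs are assumed.
"""

from dataclasses import dataclass, field

# Low-resolution (event-level) transition table: (state, event) -> next state.
# Assumed for the example; a real model would be derived from OS semantics.
EVENT_FSM = {
    ("no_session", "login"): "user_session",
    ("user_session", "exec"): "user_session",
    ("user_session", "open"): "user_session",
    ("user_session", "setuid"): "root_session",  # the only recorded route to root
    ("root_session", "exec"): "root_session",
    ("root_session", "write"): "root_session",
}

# Higher-resolution view: the abstract phase each low-level state belongs to.
PHASE = {"no_session": "idle", "user_session": "access", "root_session": "control"}


@dataclass
class Step:
    ts: int
    src: str
    dst: str
    event: str
    evidence: str  # "recorded" if the log explains the transition, else "inferred"


@dataclass
class Timeline:
    steps: list[Step] = field(default_factory=list)

    def gaps(self) -> list[int]:
        """Timestamps at which the model had to infer a transition."""
        return [s.ts for s in self.steps if s.evidence == "inferred"]

    def verdict(self) -> str:
        """'established' only when every transition is backed by a record."""
        return "established" if not self.gaps() else "inferred"

    def phases(self) -> list[str]:
        """Collapse the event-level walk into the phases it passed through."""
        out: list[str] = []
        for s in self.steps:
            p = PHASE[s.dst]
            if not out or out[-1] != p:
                out.append(p)
        return out


def replay(log: list[tuple[int, int, str]]) -> Timeline:
    """Walk (timestamp, uid, event) records through the event-level FSM.

    Context check: a uid-0 record is only consistent with root_session. If the
    recorded events cannot account for that state (no setuid was logged), the
    model still moves to root_session, but marks the step as inferred so the
    analyst can see the conclusion is not established by the record.
    """
    state = "no_session"
    tl = Timeline()
    for ts, uid, event in log:
        if uid == 0 and state != "root_session":
            tl.steps.append(Step(ts, state, "root_session", "<gap>", "inferred"))
            state = "root_session"
        dst = EVENT_FSM.get((state, event))
        if dst is None:  # event not explained by the model from this state
            tl.steps.append(Step(ts, state, state, event, "inferred"))
        else:
            tl.steps.append(Step(ts, state, dst, event, "recorded"))
            state = dst
    return tl


# Constructed sample logs (not real data). Same intrusion, but the second
# log is missing the record that explains how the session became root.
COMPLETE_LOG = [
    (1, 1000, "login"),
    (2, 1000, "exec"),
    (3, 1000, "setuid"),
    (4, 0, "exec"),
    (5, 0, "write"),
]
GAPPY_LOG = [r for r in COMPLETE_LOG if r[2] != "setuid"]

if __name__ == "__main__":
    for name, log in (("complete", COMPLETE_LOG), ("gappy", GAPPY_LOG)):
        tl = replay(log)
        print(name, tl.phases(), tl.verdict(), "gaps at", tl.gaps())
```

Both logs yield the same high-level story (an access phase followed by a control phase), which is what an analyst reading only the coarse view would report. Only the event-level walk shows that in the second log the escalation is an inference bridging a gap in the record, not a fact the record establishes.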


Authors

  • Sean Peisert

  • Sidney Karin

  • Matt Bishop

  • Keith Marzullo
