Research Article
Reasoning About a Simulated Printer Case Investigation with Forensic Lucid
@INPROCEEDINGS{10.1007/978-3-642-35515-8_23, author={Serguei Mokhov and Joey Paquet and Mourad Debbabi}, title={Reasoning About a Simulated Printer Case Investigation with Forensic Lucid}, proceedings={Digital Forensics and Cyber Crime. Third International ICST Conference, ICDF2C 2011, Dublin, Ireland, October 26-28, 2011, Revised Selected Papers}, proceedings_a={ICDF2C}, year={2012}, month={12}, keywords={Forensic Lucid cybercrime investigation modeling intensional logic and programming cyberforensics finite-state automata}, doi={10.1007/978-3-642-35515-8_23} }- Serguei Mokhov
Joey Paquet
Mourad Debbabi
Year: 2012
Reasoning About a Simulated Printer Case Investigation with Forensic Lucid
ICDF2C
Springer
DOI: 10.1007/978-3-642-35515-8_23
Abstract
In this work we model the ACME (a fictitious company name) “printer case incident” and make its specification in Forensic Lucid, a Lucid- and intensional-logic-based programming language for cyberforensic analysis and event reconstruction specification. The printer case involves a dispute between two parties that was previously solved using the finite-state automata (FSA) approach, and is now re-done in a more usable way in Forensic Lucid. Our approach is based on the said case modeling by encoding concepts like evidence and the related witness accounts as an evidential statement context in a Forensic Lucid “program”. The evidential statement is an input to the transition function that models the possible deductions in the case. We then invoke the transition function (actually its reverse) with the evidential statement context to see if the evidence we encoded agrees with one’s claims and then attempt to reconstruct the sequence of events that may explain the claim or disprove it.