{"title":"数字证据的表达性和相关性的形式化处理","authors":"Jan Gruber, Merlin Humml","doi":"10.1145/3608485","DOIUrl":null,"url":null,"abstract":"Digital investigations are largely concerned with reconstructing past events based on traces in digital systems. Given their importance, many concepts have been established to describe their quality—most of them concerned with procedural aspects, i.e., authenticity and integrity, for example. Besides that, there exist principal concepts that have been overlooked in the past: Two of those criteria are relevance and expressiveness of digital evidence. Unlike others, those are directly concerned with reaching the investigative goal. Therefore, we approach these two overlooked concepts of digital evidence by giving formal definitions. To illustrate the usefulness, we present two applications: First, we demonstrate that the notions of expressiveness and completeness can be used to guide investigations by presenting the Facet-oriented Criminalistic Cycle as a thinking model, which extends the well-established criminalistic cycle. Second, we put the concepts into practice by calculating the expressiveness of facets from a state machine representation of a digital system utilizing temporal logic and a model checker. Furthermore, we sketch out the implications of this improved way of defining relevance and expressiveness. Accordingly, this article aims to improve the understanding of these critical aspects of the overall investigative process.","PeriodicalId":202552,"journal":{"name":"Digital Threats: Research and Practice","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Formal Treatment of Expressiveness and Relevanceof Digital Evidence\",\"authors\":\"Jan Gruber, Merlin Humml\",\"doi\":\"10.1145/3608485\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Digital investigations are largely concerned with reconstructing past events based on traces in digital systems. Given their importance, many concepts have been established to describe their quality—most of them concerned with procedural aspects, i.e., authenticity and integrity, for example. Besides that, there exist principal concepts that have been overlooked in the past: Two of those criteria are relevance and expressiveness of digital evidence. Unlike others, those are directly concerned with reaching the investigative goal. Therefore, we approach these two overlooked concepts of digital evidence by giving formal definitions. To illustrate the usefulness, we present two applications: First, we demonstrate that the notions of expressiveness and completeness can be used to guide investigations by presenting the Facet-oriented Criminalistic Cycle as a thinking model, which extends the well-established criminalistic cycle. Second, we put the concepts into practice by calculating the expressiveness of facets from a state machine representation of a digital system utilizing temporal logic and a model checker. Furthermore, we sketch out the implications of this improved way of defining relevance and expressiveness. Accordingly, this article aims to improve the understanding of these critical aspects of the overall investigative process.\",\"PeriodicalId\":202552,\"journal\":{\"name\":\"Digital Threats: Research and Practice\",\"volume\":\"39 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-07-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Digital Threats: Research and Practice\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3608485\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Digital Threats: Research and Practice","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3608485","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Formal Treatment of Expressiveness and Relevanceof Digital Evidence
Digital investigations are largely concerned with reconstructing past events based on traces in digital systems. Given their importance, many concepts have been established to describe their quality—most of them concerned with procedural aspects, i.e., authenticity and integrity, for example. Besides that, there exist principal concepts that have been overlooked in the past: Two of those criteria are relevance and expressiveness of digital evidence. Unlike others, those are directly concerned with reaching the investigative goal. Therefore, we approach these two overlooked concepts of digital evidence by giving formal definitions. To illustrate the usefulness, we present two applications: First, we demonstrate that the notions of expressiveness and completeness can be used to guide investigations by presenting the Facet-oriented Criminalistic Cycle as a thinking model, which extends the well-established criminalistic cycle. Second, we put the concepts into practice by calculating the expressiveness of facets from a state machine representation of a digital system utilizing temporal logic and a model checker. Furthermore, we sketch out the implications of this improved way of defining relevance and expressiveness. Accordingly, this article aims to improve the understanding of these critical aspects of the overall investigative process.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
