TY - GEN
T1 - User action representation and automated reasoning for the forensic analysis of mobile devices
AU - Anglano, Cosimo
AU - Canonico, Massimo
AU - Giordano, Laura
AU - Guazzone, Marco
AU - Theseider Dupre, Daniele
N1 - Publisher Copyright:
© 2021 ACM.
PY - 2021/8/17
Y1 - 2021/8/17
N2 - We propose a framework for structuring the description and results of the forensic analysis of actions of investigative interest in digital applications, and for automated reasoning on such actions. A high level of abstraction is suitable for forensic stakeholders that are not ICT experts; other levels are suitable for automating experiments on the devices to establish traces left by actions, and for associating the results of the experiments. Such results are used in a computational logic framework to conclude evidence on the occurrence of actions. The evidence can be presented to stakeholders or used in further automated reasoning, and traced back to data on the device.
AB - We propose a framework for structuring the description and results of the forensic analysis of actions of investigative interest in digital applications, and for automated reasoning on such actions. A high level of abstraction is suitable for forensic stakeholders that are not ICT experts; other levels are suitable for automating experiments on the devices to establish traces left by actions, and for associating the results of the experiments. Such results are used in a computational logic framework to conclude evidence on the occurrence of actions. The evidence can be presented to stakeholders or used in further automated reasoning, and traced back to data on the device.
KW - Automated forensic analysis
KW - Computational logic
KW - Digital forensics
UR - http://www.scopus.com/inward/record.url?scp=85113264106&partnerID=8YFLogxK
U2 - 10.1145/3465481.3470053
DO - 10.1145/3465481.3470053
M3 - Conference contribution
AN - SCOPUS:85113264106
T3 - ACM International Conference Proceeding Series
BT - 16th International Conference on Availability, Reliability and Security, ARES 2021
PB - Association for Computing Machinery
T2 - 16th International Conference on Availability, Reliability and Security, ARES 2021
Y2 - 17 August 2021 through 20 August 2021
ER -