Abstract
In the past, computer forensics was used only as a means of investigation. Nowadays, however, with the sharp increase in awareness of computer security, computer forensics has become significant even to nonprofessionals, and it requires inference as well as integrity and reliability of the procedure. In this paper, we describe inference rules using Fuzzy Petri Nets and adapt the data collected from a compromised system to propositions for inferring the intrusion information. The inferred results are expressed in a formalized 5W1H format. COMFEX (COMputer Forensic EXpert system) can still perform inference even if the data is damaged in certain sections, and its inference under uncertainty is improved. This is useful to a system administrator who has weak ability in analyzing hacking, and it improves the capacity for managing system security.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hwang, HU., Kim, MS., Noh, BN. (2007). Expert System Using Fuzzy Petri Nets in Computer Forensics. In: Szczuka, M.S., et al. Advances in Hybrid Information Technology. ICHIT 2006. Lecture Notes in Computer Science, vol 4413. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77368-9_31
DOI: https://doi.org/10.1007/978-3-540-77368-9_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77367-2
Online ISBN: 978-3-540-77368-9
eBook Packages: Computer Science (R0)