Powered by
1st ACM SIGSOFT International Workshop on Software Engineering and Digital Forensics (SERF 2017),
September 4, 2017,
Paderborn, Germany
1st ACM SIGSOFT International Workshop on Software Engineering and Digital Forensics (SERF 2017)
Message from the Chairs
Digital forensics is a growing field focused on techniques for discovering, collecting, preserving, analysing, interpreting, and presenting digital evidence from digital sources for proof of (anticipated) wrongdoing and ultimately for prosecution of criminal activity. The SERF workshop aims to explore the role of software engineering (SE) in the design of systems that support or implement digital forensic tasks. SERF is intended to be a multi-disciplinary workshop that brings together researchers and practitioners from the software engineering and digital forensics communities to identify open challenges in digital forensics, assess the status of SE approaches in tackling these challenges, create new opportunities for collaborations in this area, and to strengthen the frontier of SE research in this problem domain.
Building Forensics In: Supporting the Investigation of Digital Criminal Activities (Invited Talk)
Laurie Williams
(North Carolina State University, USA)
Logging mechanisms that capture detailed traces of user activity, including creating, reading, updating, and deleting (CRUD) data, facilitate meaningful forensic analysis following a security or privacy breach. However, software requirements often inadequately and inconsistently state “what” user actions should be logged, thus hindering meaningful forensic analysis. In this talk, we will explore a variety of techniques for building a software system that supports forensic analysis. We will discuss systematic heuristics-driven and patterns-driven processes for identifying log events that must be logged based on user actions and potential accidental and malicious use, as described in natural language software artifacts. We then discuss systematic process for creating a black-box test suite for verifying the identified log events are logged. Using the results of executing the black-box test suite, we propose and evaluate a security metric for measuring the forensic-ability of user activity logs.
@InProceedings{SERF17p1,
author = {Laurie Williams},
title = {Building Forensics In: Supporting the Investigation of Digital Criminal Activities (Invited Talk)},
booktitle = {Proc.\ SERF},
publisher = {ACM},
pages = {1--1},
doi = {},
year = {2017},
}
Use of Organisational Topologies for Forensic Investigations
George Grispos, Sorren Hanvey, and Bashar Nuseibeh
(Lero, Ireland; Open University, UK)
In today's highly regulated business environment, it is becoming increasingly important that organisations implement forensic-ready systems and architectures to aid the investigation of security incidents and data breaches. Previously, different solutions have been proposed for implementing forensic readiness within organisations. One of these solutions is that organisations implement an organisational structure that takes into consideration digital forensics by establishing roles and responsibilities to assist with investigations. However, no previous research has defined how this can actually be accomplished within an organisation. In this paper, we put forth the idea of using the topology of an organisation's structure to define the roles and responsibilities to assist with handling a forensic investigation. In the past, the role of topology has been examined from various perspectives, including software engineering. We draw on this previous research and use the topological properties of containment, proximity and reachability in order to define a representation of the organisational structure that takes into consideration digital forensics. For example, topology can be used to express and provide a context regarding the location of assets that need to be investigated, as well as the individuals, whose assistance is required to investigate such assets. Furthermore, knowing the topology of an organisation's structure can also assist investigators identify stakeholders that could be of interest to an investigation, based on their relationship to the asset(s) under investigation.
@InProceedings{SERF17p2,
author = {George Grispos and Sorren Hanvey and Bashar Nuseibeh},
title = {Use of Organisational Topologies for Forensic Investigations},
booktitle = {Proc.\ SERF},
publisher = {ACM},
pages = {2--5},
doi = {},
year = {2017},
}
Sustainable Automated Data Recovery: A Research Roadmap
Jeroen van den Bos
(Netherlands Forensic Institute, Netherlands; Zuyd University of Applied Sciences, Netherlands)
Digital devices contain increasingly more data and applications. This means more data to handle and a larger amount of different types of traces to recover and consider in digital forensic investigations. Both present a challenge to data recovery approaches, requiring higher performance and increased flexibility.
In order to progress to a long-term sustainable approach to automated data recovery, this paper proposes a partitioning into manual, custom, formalized and self-improving approaches. These approaches are described along with research directions to consider: building universal abstractions, selecting appropriate techniques and developing user-friendly tools.
@InProceedings{SERF17p6,
author = {Jeroen van den Bos},
title = {Sustainable Automated Data Recovery: A Research Roadmap},
booktitle = {Proc.\ SERF},
publisher = {ACM},
pages = {6--9},
doi = {},
year = {2017},
}
Snap Forensics: A Tradeoff between Ephemeral Intelligence and Persistent Evidence Collection
Yijun Yu and Thein Than Tun
(Open University, UK)
Digital evidence needs to be made persistent so that it can be used later. For citizen forensics, sometimes intelligence cannot or should not be made persistent forever. In this position paper, we propose a form of snap forensics by defining an elastic duration of evidence/intelligence validity. Explicitly declaring such a duration could unify the treatment of both ephemeral intelligence and persistent evidence towards more flexible storage to satisfy privacy requirements.
@InProceedings{SERF17p10,
author = {Yijun Yu and Thein Than Tun},
title = {Snap Forensics: A Tradeoff between Ephemeral Intelligence and Persistent Evidence Collection},
booktitle = {Proc.\ SERF},
publisher = {ACM},
pages = {10--11},
doi = {},
year = {2017},
}
proc time: 0.78