Intensional Cyberforensics

This work focuses on the application of intensional logic to cyberforensic analysis and its benefits and difficulties are compared with the finite-state-automata approach. This work extends the use of the intensional programming paradigm to the modeling and implementation of a cyberforensics investigation process with backtracing of event reconstruction, in which evidence is modeled by multidimensional hierarchical contexts, and proofs or disproofs of claims are undertaken in an eductive manner of evaluation. This approach is a practical, context-aware improvement over the finite state automata (FSA) approach we have seen in previous work. As a base implementation language model, we use in this approach a new dialect of the Lucid programming language, called Forensic Lucid, and we focus on defining hierarchical contexts based on intensional logic for the distributed evaluation of cyberforensic expressions. We also augment the work with credibility factors surrounding digital evidence and witness accounts, which have not been previously modeled. The Forensic Lucid programming language, used for this intensional cyberforensic analysis, formally presented through its syntax and operational semantics. In large part, the language is based on its predecessor and codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective Lucid, and JOOIP bound by the underlying intensional programming paradigm.Comment: 412 pages, 94 figures, 18 tables, 19 algorithms and listings; PhD thesis; v2 corrects some typos and refs; also available on Spectrum at http://spectrum.library.concordia.ca/977460

Intensional Cyberforensics

This work focuses on the application of intensional logic to cyberforensic analysis and its benefits and difficulties are compared with the finite-state-automata approach. This work extends the use of the intensional programming paradigm to the modeling and implementation of a cyberforensics investigation process with backtracing of event reconstruction, in which evidence is modeled by multidimensional hierarchical contexts, and proofs or disproofs of claims are undertaken in an eductive manner of evaluation. This approach is a practical, context-aware improvement over the finite state automata (FSA) approach we have seen in previous work. As a base implementation language model, we use in this approach a new dialect of the Lucid programming language, called Forensic Lucid, and we focus on defining hierarchical contexts based on intensional logic for the distributed evaluation of cyberforensic expressions. We also augment the work with credibility factors surrounding digital evidence and witness accounts, which have not been previously modeled. The Forensic Lucid programming language, used for this intensional cyberforensic analysis, formally presented through its syntax and operational semantics. In large part, the language is based on its predecessor and codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective Lucid, MARFL, and JOOIP bound by the underlying intensional programming paradigm

Formally Specifying and Proving Operational Aspects of Forensic Lucid in Isabelle

A Forensic Lucid intensional programming language has been proposed for intensional cyberforensic analysis. In large part, the language is based on various predecessor and codecessor Lucid dialects bound by the higher-order intensional logic (HOIL) that is behind them. This work formally specifies the operational aspects of the Forensic Lucid language and compiles a theory of its constructs using Isabelle, a proof assistant system.Comment: 23 pages, 3 listings, 3 figures, 1 table, 1 Appendix with theorems, pp. 76--98. TPHOLs 2008 Emerging Trends Proceedings, August 18-21, Montreal, Canada. Editors: Otmane Ait Mohamed and Cesar Munoz and Sofiene Tahar. The individual paper's PDF is at http://users.encs.concordia.ca/~tphols08/TPHOLs2008/ET/76-98.pd

Toward Formal Reasoning in Cyberforensic Case Investigation with Forensic Lucid

This work focuses on the application of the intensional logic to cyberforensic analysis and its benefits and difficulties are compared with the finite-state automata approach. This work extends the use of the scientific intensional programming paradigm onto modeling and implementation of a cyberforensics investigation process with the backtrace of event reconstruction, modeling the evidence as multidimensional hierarchical contexts, and proving or disproving the claims with it in the intensional manner of evaluation. This is a practical, context-aware improvement over the finite state automata (FSA) approach we have seen in the related works. As a base implementation language model we use in this approach is a new dialect of the Lucid programming language, that we call Forensic Lucid and we define hierarchical contexts based on the intensional logic for the evaluation of cyberforensic expressions. We also augment the work with the credibility factors surrounding digital evidence and witness accounts, which have not been previously modeled. The Forensic Lucid programming language proposed for this intensional cyberforensic analysis, includes the syntax and operational semantics. In large part, the language is based on its predecessor and codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective Lucid, and JOOIP bound by the intensional (temporal) logic that is behind them. The distributed Java-based eduction (demand-driven) evaluation engine of the General Intensional Programming System (GIPSY) is the run-time system to cope with the scalability issues of the large evidential knowledge base. We then propose a near future work with the dataflow graph visualization and a toolset for compilation and execution of the Forensic Lucid programs. We show some examples by re-writing them in Forensic Lucid. We then postulate other investigations applications beyond the digital forensics domain

Toward Refactoring of DMARF and GIPSY Case Studies – a Team 3 SOEN6471-S14 Project Report

The software architecture of a system is an illustration of the system which supports the understanding of the behaviour of the system. The architecture aids as the blueprint of the system, defining the work obligations which must be conceded by design and implementation teams. It is an artifact for early enquiry to make sure that a design methodology will produce a standard system. This paper depicts the software architecture and design of two frameworks DMARF and GIPSY. Primarily it inaugurates a comprehensive understanding of the frameworks and their applications. DMARF is high-volume processing of recorded audio, textual, or imagery data for pattern recognition and biometric forensic analysis, whereas GIPSY system provides a platform for a distributed multi-tier demand driven evaluation of heterogeneous programs. Secondly, the paper illustrates the use of several tools for the code analysis for both platforms and provides the outcome of the analysis. Thirdly, it establishes the architecture and design of the systems. Fourthly, it fuses the architecture for both the systems into one. The paper ends with depicting properties like code smells and refactoring to improve code quality for the frameworks