Date of Award

Fall 12-20-2019

Degree Type

Dissertation

Degree Name

Ph.D.

Degree Program

Engineering and Applied Science

Department

Computer Science

Major Professor

Vassil Roussev

Second Advisor

Edit Kaminsky Bourgeois

Third Advisor

Minhaz Zibran

Fourth Advisor

Cherie Trumbach

Fifth Advisor

Adlai Depano

Abstract

One of the longstanding conceptual problems in digital forensics is the dichotomy between the need for verifiable and reproducible forensic investigations, and the lack of practical mechanisms to accomplish them. With nearly four decades of professional digital forensic practice, investigator notes are still the primary source of reproducibility information, and much of it is tied to the functions of specific, often proprietary, tools.

The lack of a formal means of specification for digital forensic operations results in three major problems. Specifically, there is a critical lack of:

a) standardized and automated means to scientifically verify the accuracy of digital forensic tools;

b) methods to reliably reproduce forensic computations (their results); and

c) a framework for interoperability among forensic tools.

Additionally, there is no standardized means for communicating software requirements between users, researchers and developers, resulting in a mismatch in expectations. Combined with the exponential growth in data volume and in the complexity of the applications and systems to be investigated, all of these concerns result in major case backlogs and inherently reduce the reliability of digital forensic analyses.

This work proposes a new approach to the specification of forensic computations, such that the above concerns can be addressed on a scientific basis with a new domain-specific language (DSL) called nugget. DSLs are specialized languages that aim to address the concerns of particular domains by providing practical abstractions. Successful DSLs, such as SQL, can transform an application domain by providing a standardized way for users to communicate what they need without specifying how the computation should be performed.

This is the first effort to build a DSL for (digital) forensic computations with the following research goals:

1) provide an intuitive formal specification language that covers core types of forensic computations and common data types;

2) provide a mechanism to extend the language that can incorporate arbitrary computations;

3) provide a prototype execution environment that allows the fully automatic execution of the computation;

4) provide a complete, formal, and auditable log of computations that can be used to reproduce an investigation;

5) demonstrate cloud-ready processing that can match the growth in data volumes and complexity.

Rights

The University of New Orleans and its agents retain the non-exclusive license to archive and make accessible this dissertation or thesis in whole or in part in all forms of media, now or hereafter known. The author retains all other ownership rights to the copyright of the thesis or dissertation.
