State Machine Theory of Digital Forensic Analysis
This page presents my on-going work on formalisation and automation of digital forensic analysis using the theory of state machines. The ultimate aim of this work is to provide rigorous, automatic methods of digital forensic analysis, which are based on models and methods of computer science rather than ad-hoc inference rules. The draft versions of papers and other documents posted on this web page are provided for non-commercial use only.
Software
Event Reconstruction and Analysis in Lisp (EARL) is my experimental software for finite state machine analysis of digital evidence.
Presentations
- P. Gladyshev "State Machine Theory of Digital Investigations" - a very accessible introduction to the key ideas of the theory without heavy maths.
Articles and Reports
- P. Gladyshev, A. Patel, "Formalising Event Time Bounding in Digital Investigations", International Journal of Digital Evidence, vol. 4, no. 2, December 2005.
- Event time bounding is a well-known technique that allows the investigator to determine the temporal boundaries of a particular event using the known times of other events that are causally connected to the event of interest. This paper presents a mathematical analysis of this technique and an algorithm for its automation.
- P. Gladyshev, "Adding Real Time into State Machine Analysis of Digital Evidence", unpublished manuscript, June 2005.
- This paper presents the mathematical foundations of the temporal reasoning algorithm that will be included in Earl v 0.2.
- P. Gladyshev, "Finite State Machine Analysis of a Blackmail Investigation", International Journal of Digital Evidence, vol. 4, no. 1, May 2005.
- This paper is an informal introduction to state machine analysis of digital evidence, illustrated with a real-world example (the example is included in the Earl distribution).
- P. Gladyshev, "Formalising Event Reconstruction in Digital Investigations", Ph.D. dissertation, Department of Computer Science, University College Dublin, August 2004.
- A book-length, in-depth discussion of event reconstruction in digital investigations.
- P. Gladyshev, A. Patel, "Finite State Machine Approach to Digital Event Reconstruction", Digital Investigation journal, vol. 1, no. 2, Elsevier, May 2004. A draft of the paper is available here.
- A concise summary of the Ph.D. dissertation. Gives a formal mathematical definition of the event reconstruction problem in digital investigations and presents an event reconstruction algorithm for solving it.
My previous publications can be found here.
Pavel Gladyshev, Ph.D., M.Sc., Dip.Eng.
School of Computer Science and Informatics,
University College Dublin
Belfield, Dublin 4, Ireland
email: pavel at gladyshev.info
Last updated: 15 April 2006