Journal of Internet Computing and Services
ISSN 2287-1136 (Online) / ISSN 1598-0170 (Print)
http://jics.or.kr/

Fuzzy Expert System for Detecting Anti-Forensic Activities


Se-Ryoung Kim, Huy-Kang Kim, Journal of Internet Computing and Services, Vol. 12, No. 5, pp. 47-62, Oct. 2011
Keywords: Anti-forensic, Anti-forensic activity model, live forensic, fuzzy logic, Expert system

Abstract

Recently, the importance of digital forensics has grown because of the dramatic increase in cyber crimes and the increasing complexity of investigating target systems such as PCs, servers, and database systems. Moreover, some systems have to be investigated with live forensic techniques. However, even though live forensic techniques have improved, they are still vulnerable to anti-forensic activities when the target systems are remotely accessible by criminals or their accomplices. To solve this problem, we first suggest a layer-based model and the anti-forensic scenarios that can actually be applied to each layer. Our suggested model, the Anti-Forensic Activities layer-based model, has 5 layers: the physical layer, network layer, OS layer, database application layer and data layer. Each layer has possible anti-forensic scenarios with detailed commands. Second, we propose a fuzzy expert system for effectively detecting anti-forensic activities. Some anti-forensic activities are hard to distinguish from normal activities, so we use fuzzy logic to handle ambiguous data. We build rule sets from the commands and arguments extracted from the pre-defined scenarios, and the fuzzy expert system learns the rule sets. With this system, we can detect anti-forensic activities in real time while performing live forensics.




Cite this article
[APA Style]
Se-Ryoung Kim and Huy-Kang Kim (2011). Fuzzy Expert System for Detecting Anti-Forensic Activities. Journal of Internet Computing and Services, 12(5), 47-62.

[IEEE Style]
S. Kim and H. Kim, "Fuzzy Expert System for Detecting Anti-Forensic Activities," Journal of Internet Computing and Services, vol. 12, no. 5, pp. 47-62, 2011.

[ACM Style]
Se-Ryoung Kim and Huy-Kang Kim. 2011. Fuzzy Expert System for Detecting Anti-Forensic Activities. Journal of Internet Computing and Services, 12, 5, (2011), 47-62.