Nugget: A digital forensics language

Authors: Christopher Stelly, Vassil Roussev
Publication year: 2018
Subject:
Source: Digital Investigation. 24:S38-S47
ISSN: 1742-2876
DOI: 10.1016/j.diin.2018.01.006
Description: One of the long-standing conceptual problems in digital forensics is the dichotomy between the imperative for verifiable and reproducible forensic computations, and the lack of adequate mechanisms to accomplish these goals. With over thirty years of professional practice, investigator notes are still the main source of reproducibility information, and much of it is tied to the functions of specific, often proprietary, tools. In this work, we discuss the design and implementation of a domain-specific language (DSL) called nugget, which aims to enable the practical formal specification of digital forensic computations in a tool-agnostic fashion. The core idea of DSLs, such as SQL, is to create an intuitive means for domain experts to describe what computation needs to be performed while abstracting away the technical means of its implementation. In the context of digital forensics, nugget aims to address the following requirements: 1) provide investigators with the means to easily and completely specify the data flow of a forensic inquiry from data source to final results; 2) allow the fully automatic (and optimized) execution of the forensic computation; 3) provide a complete, formal, and auditable log of the inquiry.
Database: OpenAIRE