The role of computers in forensics is expanding, since so much crime now involves electronic devices. Developing support mechanisms for digital investigation is the need of the hour. However, a great number of lacunae remain in devising suitable digital investigation mechanisms. Over the last couple of years, most digital crime has happened through smartphones, giving rise to a new discipline called mobile device forensics. Still, computer forensics remains the major issue and the most actively researched topic.
This paper nicely presents a digital investigating mechanism using the past behavior of a user. The authors aptly mention the importance of this paper in the introduction. A comprehensive literature review is provided on two related topics: state machine analysis and file system activity analysis. The authors clearly present the proposed signature-based method and beautifully defend how it can be used for the detection of action instances automatically.
The authors employ finite state machine analysis to form signatures from past actions. The signatures are generated from the previous and current behaviors of action instances, and a mechanism is devised to keep an object's behavior consistent as it is updated. Three different types of signatures are generated: core, support, and shared signatures. These three signatures are passed on to the proposed signature analysis model, a layer-based model that performs the forensic analysis. The proposed methods are explained from all relevant points of view: theoretical, mathematical, and algorithmic.
The authors present two practical case studies on how to deploy their algorithm for digital investigation. Overall, this excellent paper will be useful for researchers working in information security and digital forensics.