Jan Gruber, Merlin Humml

A Formal Treatment of Expressiveness and Relevance of Digital Evidence

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Safety Research
  • Information Systems
  • Software

Digital investigations are largely concerned with reconstructing past events based on traces in digital systems. Given their importance, many concepts have been established to describe their quality—most of them concerned with procedural aspects, e.g., authenticity and integrity. Besides that, there exist principal concepts that have been overlooked in the past: two of those criteria are relevance and expressiveness of digital evidence. Unlike others, those are directly concerned with reaching the investigative goal. Therefore, we approach these two overlooked concepts of digital evidence by giving formal definitions. To illustrate their usefulness, we present two applications: First, we demonstrate that the notions of expressiveness and completeness can be used to guide investigations by presenting the Facet-oriented Criminalistic Cycle as a thinking model, which extends the well-established criminalistic cycle. Second, we put the concepts into practice by calculating the expressiveness of facets from a state machine representation of a digital system utilizing temporal logic and a model checker. Furthermore, we sketch out the implications of this improved way of defining relevance and expressiveness. Accordingly, this article aims to improve the understanding of these critical aspects of the overall investigative process.
