Sunday, September 16, 2012

What is Digital Forensics?

Digital Forensics is nothing more than using Problem-Solving Strategies and Mathematical Reasoning to explain digital events from the past that were labeled as incidents by policy or law.

Problem-Solving Strategies like:

1. UNDERSTAND - scope / tool capability / indicators of [compromise / event*] / law / policy
2. PLAN - look for patterns
3. SOLVE & CHECK - solve a simpler problem
4. EXPLAIN - simplify / report / present

* Every incident is a subset of events, and since we are obligated to identify inculpatory and exculpatory evidence, we cannot label an investigation an incident. We can only look at the case as a sequence of events that are recorded on systems and might not be permitted by law or policy. Especially in civil cases, a personal feeling is not considered an indicator, but a log record is.

These problem-solving strategies are nothing new to the scientific process, where inductive reasoning is used to arrive at an educated prediction (or hypothesis). In investigations, we can then use a deductive process to solve cases based on the identified hypothesis.

- Inductive reasoning is also known as hypothesis construction because any conclusions made are based on educated predictions.
e.g.
There are 20 balls—either black or white—in an urn. To estimate their respective numbers, you draw a sample of four balls and find that three are black and one is white. A good inductive generalization would be that there are 15 black, and five white, balls in the urn.
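
The urn estimate above, worked through as an added example (not part of the original post), assuming the four balls are drawn at random without replacement. It scores every possible number of black balls by hypergeometric likelihood: 15 scores highest, 16 and 14 are almost as likely, and only a few counts are ruled out with certainty, which is why the inductive result is a hypothesis still to be tested.

```python
from math import comb

URN_SIZE = 20     # from the text: 20 balls in the urn
SAMPLE_SIZE = 4   # from the text: four balls drawn
BLACK_SEEN = 3    # from the text: three of the four are black


def likelihood(black_in_urn, urn=URN_SIZE, n=SAMPLE_SIZE, k=BLACK_SEEN):
    """P(k black in a sample of n | urn holds black_in_urn black balls)."""
    white_in_urn = urn - black_in_urn
    # math.comb returns 0 when asked to choose more items than exist,
    # so impossible hypotheses naturally score 0.
    return comb(black_in_urn, k) * comb(white_in_urn, n - k) / comb(urn, n)


def rank_hypotheses(urn=URN_SIZE, n=SAMPLE_SIZE, k=BLACK_SEEN):
    """Inductive step: possible black counts, most likely first."""
    scored = [(b, likelihood(b, urn, n, k)) for b in range(urn + 1)]
    possible = [(b, p) for b, p in scored if p > 0]
    return sorted(possible, key=lambda item: item[1], reverse=True)


def deductively_excluded(urn=URN_SIZE, n=SAMPLE_SIZE, k=BLACK_SEEN):
    """Deductive step: black counts the observation makes impossible."""
    return [b for b in range(urn + 1) if likelihood(b, urn, n, k) == 0]


if __name__ == "__main__":
    print("Most likely black-ball counts given the sample:")
    for black, p in rank_hypotheses()[:5]:
        print(f"  {black:2d} black / {URN_SIZE - black:2d} white  likelihood={p:.4f}")
    print("Ruled out with certainty:", deductively_excluded())
```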

- Deductive reasoning, also called deductive logic, is the process of reasoning from one or more general statements regarding what is known to reach a logically certain conclusion.

e.g.
    All men are mortal.
    Socrates is a man.
    Therefore, Socrates is mortal.

The following is an example of an argument that is valid, but not sound:

    Everyone who eats steak is a quarterback.
    John eats steak.
    Therefore, John is a quarterback.
