Like an episode of “CSI: Computers,” a UF researcher has developed a technique that gives digital detectives twice the forensic evidence they now have to catch all kinds of hackers, from curious teenagers to disgruntled employees to agents of foreign governments.
Writing in the current issue of the International Journal of Digital Evidence, UF doctoral student Mark Foster proposes a new and improved method of computer crime solving, called “process forensics.â€
“If a guy walks into a bank and robs it, leaving footprints behind or his fingerprints on the counter, the forensic analyst would come in and find those traces of what happened,†said Foster. In the same way, process forensics merges two existing types of digital evidence – intrusion-detection and checkpointing technology – to give an investigator the most possible information to crack a case, said Foster, a computer science and engineering student conducting the research for his dissertation with UF professor of computer science Joseph Wilson, who co-wrote the paper.
