Towards a Unified Modeling Language (UML) Profile to Address Digital Forensic Evidence Complexities
There is significant complexity in digital forensics due to the numerous device types and device implementations. This complexity is exacerbated by the need for digital evidence to be understood by a wide variety of stakeholders with varying technical backgrounds. This study showed the utility of using software engineering Unified Modeling Language (UML) modeling techniques for addressing this complexity. Extensible, executable models for the digital forensics domain were developed depicting the relevant computational mechanisms involved in the who, what, when, where and how attributes of digital evidence creation. Artifacts generated from the executable models enable a systematic constructive methodology utilizing the principle of abstraction and pattern discovery to provide a top-down view of the commonalities across implementations. It was demonstrated that the abstracted, top-down view was equivalent to implementation specific detailed views. In addition, it was shown that the executable model artifacts could be used by software applications to illustrate the creation of digital forensic evidence at various levels of detail. Lastly, a profile was constructed to extend UML with digital forensic domain relevant concepts and vocabulary to help enable forensic domain stakeholders, who may not have a software engineering background, to apply modeling to digital forensics. The UML profile and the defined constructive methodology provided concrete artifacts to assist others in the future to develop digital forensic models.
Robert J. Pallack,
"Towards a Unified Modeling Language (UML) Profile to Address Digital Forensic Evidence Complexities"
Dissertations and Master's Theses (Campus Access).