NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Using Attack Graphs in Forensic Examinations

Published

Author(s)

Changwei Liu, Anoop Singhal, Duminda Wijesekera

Abstract

Attack graphs are used to compute potential attack paths from a system configuration and known vulnerabilities of a system. Attack graphs can be used to eliminate known vulnerability sequences that can be eliminated to make attacks difficult and help forensic examiners in identifying many potential attack paths. After an attack happens, forensic analysis, including linking evidence with attacks, helps further understand and refine the attack scenario that was launched. Given that there are anti-forensic tools that can obfuscate, minimize or eliminate attack footprints, forensic analysis becomes harder. As a solution, we propose to apply attack graph to forensic analysis. We do so by including anti-forensic capabilities into attack graphs, so that the missing evidence can be explained by using longer attack paths that erase potential evidence. We show this capability in an explicit case study involving a Database attack.
Proceedings Title
2012 Seventh International Conference on Availability, Reliability and Security (ARES 2012)
Conference Dates
August 20-24, 2012
Conference Location
Prague, CZ
Conference Title
Fifth International Workshop on Digital Forensics (WSDF 2012), at the 2012 Seventh International Conference on Availability, Reliability and Security (ARES 2012)
Pub Type
Conferences

Download Paper

https://doi.org/10.1109/ARES.2012.58
Local Download

Keywords

attack graph, anti-forensics, anti-forensics vulnerability database, forensic analysis
Information technology, Forensic Science and Cybersecurity and privacy

Citation

Liu, C. , Singhal, A. and Wijesekera, D. (2013), Using Attack Graphs in Forensic Examinations, 2012 Seventh International Conference on Availability, Reliability and Security (ARES 2012), Prague, CZ, [online], https://doi.org/10.1109/ARES.2012.58, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=911518 (Accessed October 8, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created January 15, 2013, Updated October 12, 2021
Was this page helpful?