P. D. Dixon, “An overview of computer forensics,” IEEE Potentials, Vol. 24, No. 5, pp. 7–10, 2005.
P. Stephenson, “Modeling of post-incident root cause analysis,” International Journal of Digital Evidence, Vol. 2, No. 2, pp. 1–16, 2003.
T. Stallard and K. Levitt, “Automated analysis for digital forensic science: Semantic integrity checking,” Proceedings of the 19th Annual Computer Security Applications Conference, Las Vegas, USA, 2003.
P. Gladyshev, “Finite state machine analysis of a blackmail investigation,” International Journal of Digital Evidence, Vol. 4, No. 1, 2005.
P. Gladyshev and A. Patel, “Finite state machine approach to digital event reconstruction,” Digital Investigation journal, Vol. 1, No. 2, pp. 130–149, 2004.
B. D. Carrier and E. H. Spafford, “Categories of digital investigation analysis techniques based on the computer history model,” Digital Investigation Journal, 3(S), pp. 121–130, 2006.
S. Willassen, “Hypothesis-Based investigation of digital timestamps,” Proceedings of Fourth Annual IFIP WG 11.9 International Conference on Digital Forensics, Kyoto, Japan, 2008.
S. Y. Willassen, “Timestamp evidence correlation by model based clock hypothesis testing,” Proceedings of the 1st International Conference on Forensic Applications and Techniques in Telecommunications, Information, and Multimedia, 2008.
A. R. Arasteha, M. Debbabi, A. Sakhaa, and M. Saleh, “Analyzing multiple logs for forensic evidence,” Digital Investigation, Vol. 4, No. 1, pp. 82–91, 2007.
A. Pal, H. T. Sencar, and N. Memon, “Detecting file fragmentation point using sequential hypothesis testing,” Digital Investigation, Vol. 5, No. 1, pp. S2–S13, 2008.
S. P. Peisert, “A model of forensic analysis using goal- oriented logging,” PhD thesis, University of California, San Diego, 2007.
A. S. Huff, “Mapping strategic thought,” John Wiley & Sons, 1990.
J. Krichene, M. Hamdi, and N. Boudriga, “Collective computer incident response using cognitive maps,” IEEE International Conference on Systems, Man and Cybernetics, Hammamet, Tunisia, pp. 1080–1085, 2004.
S. Rekhis, J. Krichene, and N. Boudriga, “Dig for net: Digital Forensic in networking,” In Proceedings of the 3rd International Information Security Conference (SEC), Milan, Italy, 2008.
B. D. Carrier and E. H. Spafford, “An event-based digital forensic investigation framework,” Proceedings of Digital Forensic Research Workshop, 2004.
B. Mangnes, “The use of Levenshtein distance in computer forensics,” Master’s thesis, Gjovik University College, 2005.
E. Casey, “Digital evidence and computer crime,” Second Edition, Academic Press, 2004.
D. Drusinsky and J. L. Fobes, “Executable specifications: Language and applications,” The journal of Defense Soft- ware Engineering, Vol. 17, No. 9, pp. 15–18, 2004.
Y. Guan and A. K. Ghose, “Executable specifications for agent oriented conceptual modelling,” Proceedings of the IEEE/WIC/ACM International Conference on Intelligent Agent Technology (IAT), France, pp. 475–478, 2005.
M. Hamdi, J. Krichene, and N. Boudriga, “Collective com- puter incident response using cognitive maps,” Proceedings of IEEE conference on Systems, Man, and Cybernetics (IEEE SMC 2004), The Hargue, Netherland, 2004.
S. Rekhis and N. Boudriga, “A formal approach for the reconstruction of potential attack scenarios,” Proceedings of the International Conference on Information & Communication Technologies: From Theory to Applications (ICTTA), Damascus, Syria, 2008.
F. Kr?ger and S. Merz, “Temporal logic and state systems,” Springer, 2008.
S. Rekhis and N. Boudriga, “Formal forensic investigation eluding disk-based anti-forensic attacks,” Proceedings of Workshop on Information Security Applications, Jeju Island, Korea, 2005.
S. Garfinkel, “Anti-forensics: Techniques, detection and countermeasures,” Proceedings of the 2nd International Conference on I-Warfare and Security, Monterey, USA, 2007.
G. C. Kessler, “Anti-forensics and the digital investigator,” Proceedings of 5th Australian Digital Forensics Conference, Perth, Australia, 2007.