Expert system using fuzzy petri nets in computer forensics

In the past, computer forensics was only used by means of investigation. However, nowadays, due to the sharp increase of awareness of computer security, computer forensics becomes very significant even to the nonprofessionals, and it needs inference as well as the integrity and reliability of the procedure. In this paper, we describe the inference rules using Fuzzy Petri Nets and adapt the collected data in a compromised system to a proposition for inference of the intrusion information. The inferred results are expressed as formalized 5W1H format. The COMFEX(COMputer Forensic EXpert system) is inferable, even if the data is damaged in certain section, and the inference function of uncertainty is improved. This is useful to a system administrator who has weak analyzing ability of hacking, and it has improved capacity of managing the system security.