Authors: Carol Taylor (University of Idaho), Barbara Endicott-Popovsky (University of Washington), Deborah A. Frincke (Pacific Northwest National Laboratory)



In this paper we present an approach to digital forensics specification based on forensic policy definition. Our methodology borrows from computer security policy specification, which has accumulated a significant body of research over the past 30 years. We first define the process of specifying forensics properties through a forensics policy and then present an example application of the process. This approach lends itself to formal policy specifi- cation and verification, which would allow for more clarity and less ambiguity in the specification process.