A near-miss analysis model for improving the forensic investigation of software failures

Thesis (PhD)--University of Pretoria, 2014.

Bibliographic Details
Other Authors: Eloff, Jan H.P.
Format: Thesis
Language: English
Published: University of Pretoria 2016
access_status_str Open Access
author2 Eloff, Jan H.P.
collection Thesis
dc_rights_str_mv © 2016 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria.
description Thesis (PhD)--University of Pretoria, 2014.
format Thesis
id oai:repository.up.ac.za:2263/56106
institution University of Pretoria (South Africa)
language English
last_indexed 2026-06-10T12:38:29.922Z
license_str Other — see source repository
provenance_str_mv Harvested via OAI-PMH from UPSpace — University of Pretoria Institutional Repository
publishDate 2016
publisher University of Pretoria
record_format dspace
source_str UPSpace — University of Pretoria Institutional Repository
spelling oai:repository.up.ac.za:2263/56106 A near-miss analysis model for improving the forensic investigation of software failures Eloff, Jan H.P. mbihina@yahoo.fr Bihina Bella, Madeleine UCTD Thesis (PhD)--University of Pretoria, 2014.

The increasing complexity of software applications can lead to operational failures that have disastrous consequences. In order to prevent the recurrence of such failures, a thorough post-mortem investigation is required to identify the root causes involved. This root-cause analysis must be based on reliable digital evidence to ensure its objectivity and accuracy. However, current approaches to software failure analysis do not promote the collection of digital evidence for causal analysis. This leaves the system vulnerable to the reoccurrence of a similar failure.

A promising alternative is offered by the field of digital forensics. Digital forensics uses proven scientific methods and principles of law to determine the cause of an event based on forensically sound evidence. However, being a reactive process, digital forensics can only be applied after the occurrence of costly failures. This limits its effectiveness as volatile data that could serve as potential evidence may be destroyed or corrupted after a system crash.

In order to address this limitation of digital forensics, it is suggested that the evidence collection be started at an earlier stage, before the software failure actually unfolds, so as to detect the high-risk conditions that can lead to a major failure. These forerunners to failures are known as near misses. By alerting system users of an upcoming failure, the detection of near misses provides an opportunity to collect at runtime failure-related data that is complete and relevant. The detection of near misses is usually performed through electronic near-miss management systems (NMS).

An NMS that combines near-miss analysis and digital forensics can contribute significantly to the improvement of the accuracy of the failure analysis. However, such a system is not available yet and its design still presents several challenges due to the fact that neither digital forensics nor near-miss analysis is currently used to investigate software failures and their existing methodologies and processes are not directly applicable to failure analysis.

This research therefore presents the architecture of an NMS specifically designed to address the above challenges in order to facilitate the accurate forensic investigation of software failures. The NMS focuses on the detection of near misses at runtime with a view to maximising the collection of appropriate digital evidence of the failure. The detection process is based on a mathematical model that was developed to formally define a near miss and calculate its risk level. A prototype of the NMS has been implemented and is discussed in the thesis.

tm2016 Computer Science PhD Unrestricted 2016-07-29T11:02:07Z 2016-07-29T11:02:07Z 2015-09-07 2014 Thesis
Bihina Bella, M 2014, A near-miss analysis model for improving the forensic investigation of software failures, PhD Thesis, University of Pretoria, Pretoria, viewed yymmdd <http://hdl.handle.net/2263/56106>
A2016 http://hdl.handle.net/2263/56106 en © 2016 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. application/pdf University of Pretoria
title A near-miss analysis model for improving the forensic investigation of software failures
topic UCTD
url http://hdl.handle.net/2263/56106