Sean Peisert

Home Page


Research Projects


Talks and Tutorials

Professional Service


Students & Postdocs




Photograph of me lecturing at the blackboard (credit: R. Benjamin Shapiro, 2002).

Upcoming events that I'm involved with:

NSPW 2017 (Oct. 2–4, 2017)

S&P 2018 (May 20–24, 2018)

CSET 2018 (Aug. 2018)

S&P 2019 (May 19–23, 2019)



Computer Forensics

This project is looking at establishing a rigorous, scientific model of forensic logging and analysis that is both efficient and effective at establishing the data that is necessary to record in order to understand past events. Additional applications include e-voting and forensic evidence in the courtroom. While forensics traditionally looks at available data and attempts to draw conclusions from it, we, in contrast, seek to understand the questions that we want to answer, and then derive what data is necessary to support answers to those questions.

Past sponsor: Institute for Information Infrastructure Protection (I3P)

Publications resulting from this project:

"A Risk Management Approach to the 'Insider Threat'"
Matt Bishop, Sophie Engle, Deborah A. Frincke, Carrie Gates, Frank L. Greitzer, Sean Peisert, and Sean Whalen,
Insider Threats in Cyber Security,
"Advances in Information Security" Series, pp. 115–138,
Springer, Berlin, September 2010.

"E-Voting and Forensics: Prying Open the Black Box"
Matt Bishop, Sean Peisert, Candice Hoke, Mark Graff, and David Jefferson,
Proceedings of the 2009 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE '09),
Montreal, Canada, August 10–11, 2009.

"Computer Forensics In Forensis" (invited paper; expanded version of ACM OSR 42(3) paper)
Sean Peisert, Matt Bishop, and Keith Marzullo,
Proceedings of the Third International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering (IEEE/SADFE-2008), pp. 102–122,
Oakland, CA, May 22, 2008.

"Computer Forensics In Forensis" 
Sean Peisert, Matt Bishop, and Keith Marzullo,
ACM Operating Systems Review (OSR), Special Issue on Computer Forensics, 42(3), pp. 112–122,
April 2008.

"Analysis of Computer Intrusions Using Sequences of Function Calls"
Sean Peisert, Matt Bishop, Sidney Karin, and Keith Marzullo,
IEEE Transactions on Dependable and Secure Computing (TDSC), 4(2), pp. 137–150,
April-June 2007.

"Toward Models for Forensic Analysis"
Sean Peisert, Matt Bishop, Sidney Karin, and Keith Marzullo,
Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE), pp. 3–15,
Seattle, WA, April 2007.

A Model of Forensic Analysis Using Goal-Oriented Logging
Sean P. Peisert,
Ph.D. Dissertation, Dept. of Computer Science and Engineering, University of California, San Diego,
March 2007.

"Your Security Policy is What???"
Matt Bishop and Sean Peisert,
UC Davis CS Technical Report CSE-2006-20,
March 2006.

"Principles-Driven Forensic Analysis"
Sean Peisert, Matt Bishop, Sidney Karin, and Keith Marzullo,
Proceedings of the 2005 New Security Paradigms Workshop (NSPW), pp. 85–93,
Lake Arrowhead, CA, September 2005.

"Forensics for System Administrators"
Sean Peisert,
USENIX ;login:, 30(4), pp. 34–42,
August 2005.
Reprinted in Cyber Forensics: Tools and Practices, ICFAI University Press, ISBN 81-314-0438-2, 2007.

The definitive versions of the papers posted on this page were first published in the venues indicated. In accordance with publisher copyright policies, these papers are pre-prints or post-prints, and are not the pubilsher's version.

Personal use of the material posted on this page is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the original publishers.

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

Last modified: Thursday, 06-Dec-2012 12:39:14 PST