Automatic Timeline Construction For Computer Forensics Purposes
نویسندگان
چکیده
To determine the circumstances of an incident, investigators need to reconstruct events that occurred in the past. The large amount of data spread across the crime scene makes this task very tedious and complex. In particular, the analysis of the reconstructed timeline, due to the huge quantity of events that occurred on a digital system, is almost impossible and leads to cognitive overload. It becomes more and more necessary to develop automatic tools to help or even replace investigators in some parts of the investigation. This paper introduces a multilayered architecture design to assist the investigative team in the extraction of information left in the crime scene, the construction of the timeline representing the incident and the interpretation of this latter.
منابع مشابه
A complete formalized knowledge representation model for advanced digital forensics timeline analysis
Having a clear view of events that occurred over time is a difficult objective to achieve in digital investigations (DI). Event reconstruction, which allows investigators to understand the timeline of a crime, is one of the most important step of a DI process. This complex task requires exploration of a large amount of events due to the pervasiveness of new technologies nowadays. Any evidence p...
متن کاملA framework for post-event timeline reconstruction using neural networks
Digital forensic analysis Neural networks a b s t r a c t Post-event timeline reconstruction plays a critical role in forensic investigation and serves as a means of identifying evidence of the digital crime. We present an artificial neural networks based approach for post-event timeline reconstruction using the file system activities. A variety of digital forensic tools have been developed dur...
متن کاملAutomatic Construction of Persian ICT WordNet using Princeton WordNet
WordNet is a large lexical database of English language, in which, nouns, verbs, adjectives, and adverbs are grouped into sets of cognitive synonyms (synsets). Each synset expresses a distinct concept. Synsets are interlinked by both semantic and lexical relations. WordNet is essentially used for word sense disambiguation, information retrieval, and text translation. In this paper, we propose s...
متن کاملCloRoFor: Cloud Robust Forensics
The malicious alteration of machine time is a big challenge in computer forensics. Detecting such changes and reconstructing the actual timeline of events is of paramount importance. However, this can be difficult since the attacker has many opportunities and means to hide such changes. In particular, cloud computing, host and guest machine time can be manipulated in various ways by an attacker...
متن کاملComputer forensic timeline visualization tool
Computer Forensics is mainly about investigating crime where computers have been involved. There are many tools available to aid the investigator with this task. We have created a prototype of a new type of tool called CyberForensic TimeLab where all evidence is indexed by their time variables and plotted on a timeline. We believed that this way of visualizing the evidence allows the investigat...
متن کامل