Hypothesis Generation and Testing in Event Profiling for Digital Forensic Investigations

نویسندگان

  • Lynn Margaret Batten
  • Lei Pan
  • Nisar Khan
چکیده

The need for an automated approach to forensic digital investigation has been recognized for some years, and several authors have developed frameworks in this direction. The aim of this paper is to assist the forensic investigator with the generation and testing of hypotheses in the analysis phase. In doing so, the authors present a new architecture which facilitates the move to automation of the investigative process; this new architecture draws together several important components of the literature on question and answer methodologies including the concept of ‘pivot’ word and sentence ranking. Their architecture is supported by a detailed case study demonstrating its practicality.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Using Hypothesis Generation in Event Profiling for Digital Forensic Investigations

The traditional manual approach to the investigation of digital data is no longer feasible as the amount of data which can be saved on hard drives grows out of control. In addition, it is usually necessary to consider data across extensive networks of devices in order to obtain a realistic picture of an investigation and ensure that no evidence is overlooked. The need for an automated approach ...

متن کامل

Using Relationship-Building in Event Profiling for Digital Forensic Investigations

In a forensic investigation, computer profiling is used to capture evidence and to examine events surrounding a crime. A rapid increase in the last few years in the volume of data needing examination has led to an urgent need for automation of profiling. In this paper, we present an efficient, automated event profiling approach to a forensic investigation for a computer system and its activity ...

متن کامل

Testing and Evaluating the Harmonized Digital Forensic Investigation Process in Post Mortem Digital Investigations

Existing digital forensic investigation process models have provided guidelines for identifying and preserving potential digital evidence captured from a crime scene. However, for any of the digital forensic investigation process models developed across the world to be adopted and fully applied by the scientific community, it has to be tested. For this reason, the Harmonized Digital Forensic In...

متن کامل

A Cost-Effective Model for Digital Forensic Investigations

Because of the way computers operate, every discrete event potentially leaves a digital trace. These digital traces must be retrieved during a digital forensic investigation to prove or refute an alleged crime. Given resource constraints, it is not always feasible (or necessary) for law enforcement to retrieve all the related digital traces and to conduct comprehensive investigations. This pape...

متن کامل

Digital Forensic Reconstruction and the Virtual Security Testbed ViSe

This paper presents ViSe, a virtual security testbed, and demonstrates how it can be used to efficiently study computer attacks and suspect tools as part of a computer crime reconstruction. Based on a hypothesis of the security incident in question, ViSe is configured with the appropriate operating systems, services, and exploits. Attacks are formulated as event chains and replayed on the testb...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • IJDCF

دوره 4  شماره 

صفحات  -

تاریخ انتشار 2012