An ontology-based approach for the reconstruction and analysis of digital incidents timelines
Affiliation:1. CheckSem Team, Laboratoire Le2i, UMR CNRS 6306, Faculté des Sciences Mirande, Université de Bourgogne, BP47870, 21078 Dijon, France;2. School of Computer Science & Informatics, University College Dublin, Belfield, Dublin 4, Ireland;1. Department of Financial Information Security, Kookmin University, 77 Jeongneung-Ro, Seongbuk-Gu, Seoul, 02707, South Korea;2. Department of Information Security, Cryptology and Mathematics, Kookmin University, 77 Jeongneung-Ro, Seongbuk-Gu, Seoul, 02707, South Korea;1. Department of Computer Science, Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU), Erlangen, Germany;2. Department of Computer Science, Technische Hochschule Nürnberg Georg Simon Ohm, Nürnberg, Germany
Abstract: Due to the democratisation of new technologies, computer forensics investigators have to deal with volumes of data that are becoming increasingly large and heterogeneous. Indeed, on a single machine, hundreds of events occur per minute, produced and logged by the operating system and various software. Therefore, the identification of evidence, and more generally the reconstruction of past events, is a tedious and time-consuming task for investigators. Our work aims at automatically reconstructing and analysing the events related to a digital incident while respecting legal requirements. To tackle those three main problems (volume, heterogeneity and legal requirements), we identify seven criteria that an efficient reconstruction tool must meet. This paper introduces an approach based on a three-layered ontology, called ORD2I, to represent any digital event. ORD2I is associated with a set of operators to analyse the resulting timeline and to ensure the reproducibility of the investigation.
Keywords: Digital forensics; Event reconstruction; Forensic ontology; Knowledge extraction; Ontology population; Timeline analysis
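The abstract's two practical points, normalising heterogeneous event sources into one representation so a timeline can be analysed with generic operators, and making the reconstruction reproducible, can be illustrated with a small script. The following is an added example written for this page; it is not ORD2I or code from the paper's authors, and the event schema (subject, action, object), the two log formats, the sample lines and the digest-based reproducibility check are all constructed assumptions chosen only to show the idea.

```python
import hashlib
import json
import re
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

# Constructed sample input: two heterogeneous artefacts from the same host.
SYSLOG_LINES = [
    "2024-03-01T10:15:02Z host1 sshd[812]: Accepted password for alice from 10.0.0.5 port 51234 ssh2",
    "2024-03-01T10:15:40Z host1 sudo: alice : COMMAND=/usr/bin/cat /etc/shadow",
]
# Constructed file-system metadata export: epoch,path,action,user
FS_CSV_LINES = [
    "1709288141,/etc/shadow,accessed,alice",
    "1709288120,/home/alice/notes.txt,modified,alice",
]


@dataclass(frozen=True)
class Event:
    """Common representation every source is mapped to (assumed schema)."""
    timestamp: str  # ISO 8601 in UTC, so ordering across sources is meaningful
    source: str     # which artefact produced the event (provenance)
    subject: str    # who or what acted
    action: str     # normalised verb
    obj: str        # what was acted upon


SYSLOG_RE = re.compile(r"^(\S+) (\S+) ([^:\[\s]+)(?:\[\d+\])?: (.*)$")
SSH_RE = re.compile(r"Accepted \w+ for (\S+) from (\S+)")
SUDO_RE = re.compile(r"^(\S+) : .*COMMAND=(.*)$")


def to_utc_iso(dt: datetime) -> str:
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def parse_syslog(line: str) -> Event:
    """Map a syslog-style line to the common schema; unknown programs fall back to a generic event."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable syslog line: {line!r}")
    ts, _host, prog, msg = m.groups()
    when = to_utc_iso(datetime.fromisoformat(ts.replace("Z", "+00:00")))
    if prog == "sshd" and (s := SSH_RE.search(msg)):
        return Event(when, "syslog", s.group(1), "login", s.group(2))
    if prog == "sudo" and (s := SUDO_RE.match(msg)):
        return Event(when, "syslog", s.group(1), "execute", s.group(2))
    return Event(when, "syslog", prog, "log", msg)


def parse_fs_csv(line: str) -> Event:
    """Map a file-system metadata row (epoch seconds) to the common schema."""
    epoch, path, action, user = line.split(",")
    when = to_utc_iso(datetime.fromtimestamp(int(epoch), tz=timezone.utc))
    return Event(when, "fs-metadata", user, action, path)


def build_timeline(syslog_lines, fs_lines) -> list:
    """Normalise both sources and order them on the shared UTC timestamp."""
    events = [parse_syslog(l) for l in syslog_lines] + [parse_fs_csv(l) for l in fs_lines]
    # Tie-break on source and object so equal timestamps still sort deterministically.
    return sorted(events, key=lambda e: (e.timestamp, e.source, e.obj))


def touching(timeline, needle: str) -> list:
    """Analysis operator: every event whose object mentions the given artefact."""
    return [e for e in timeline if needle in e.obj]


def timeline_digest(timeline) -> str:
    """Reproducibility check: a canonical serialisation hashed with SHA-256.
    Re-running the reconstruction on the same input must yield the same digest."""
    canonical = json.dumps([asdict(e) for e in timeline], sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    tl = build_timeline(SYSLOG_LINES, FS_CSV_LINES)
    for e in tl:
        print(f"{e.timestamp} [{e.source}] {e.subject} {e.action} {e.obj}")
    print("events touching /etc/shadow:", len(touching(tl, "/etc/shadow")))
    print("digest:", timeline_digest(tl))
```

The digest is what an investigator would record alongside the input artefacts: anyone re-running the same normalisation over the same inputs can compare digests rather than re-read the whole timeline, which is the reproducibility property the abstract attributes to the operators.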