A complete formalized knowledge representation model for advanced digital forensics timeline analysis

A complete formalized knowledge representation model for advanced digital forensics timeline analysis

Having a clear view of events that occurred over time is a difficult objective to achieve in digital investigations (DI). Event reconstruction, which allows investigators to understand the timeline of a crime, is one of the most important step of a DI process. This complex task requires exploration...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:arXiv.org 2019-02
Hauptverfasser: Chabot, Yoan, Bertaux, Aurélie, Nicollea, Christophe, Kechadi, Tahar
Format: Artikel
Sprache:eng
Schlagworte:
Computer forensics
Computer Science - Computers and Society
Computer Science - Cryptography and Security
Computer Science - Learning
Crime
Criminal investigations
Forensic computing
Forensic sciences
Knowledge representation
New technology
Reconstruction
Reproducibility
Software development
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Chabot, Yoan
Bertaux, Aurélie
Nicollea, Christophe
Kechadi, Tahar
description Having a clear view of events that occurred over time is a difficult objective to achieve in digital investigations (DI). Event reconstruction, which allows investigators to understand the timeline of a crime, is one of the most important step of a DI process. This complex task requires exploration of a large amount of events due to the pervasiveness of new technologies nowadays. Any evidence produced at the end of the investigative process must also meet the requirements of the courts, such as reproducibility, verifiability, validation, etc. For this purpose, we propose a new methodology, supported by theoretical concepts, that can assist investigators through the whole process including the construction and the interpretation of the events describing the case. The proposed approach is based on a model which integrates knowledge of experts from the fields of digital forensics and software development to allow a semantically rich representation of events related to the incident. The main purpose of this model is to allow the analysis of these events in an automatic and efficient way. This paper describes the approach and then focuses on the main conceptual and formal aspects: a formal incident modelization and operators for timeline reconstruction and analysis.
doi_str_mv 10.48550/arxiv.1903.01396
format Article
fullrecord <record><control><sourceid>proquest_arxiv</sourceid><recordid>TN_cdi_arxiv_primary_1903_01396</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2188081209</sourcerecordid><originalsourceid>FETCH-LOGICAL-a529-4f6db1f7ac51c9c0219461616cb34517fe2f144149c7afcc9e6b4bd9a3a3bb543</originalsourceid><addsrcrecordid>eNotkMtqwzAQRUWh0JDmA7qqoGunetrWMoS-INBN9mYsj4JS23IlJ2369XXSMosLw-FyOYTccbZUpdbsEeK3Py65YXLJuDT5FZkJKXlWKiFuyCKlPWNM5IXQWs4IrqgN3dDiiNSF2EHrf7ChH334arHZIY04REzYjzD60NMuNNieSQrNEXo7sY3f-REuT-yTt4mOvsPW90ihh_aUfLol1w7ahIv_nJPt89N2_Zpt3l_e1qtNBlqYTLm8qbkrwGpujWWCG5Xz6WwtleaFQ-G4UlwZW4Cz1mBeq7oxIEHWtVZyTu7_ai8OqiH6DuKpOruoLi4m4uGPGGL4PGAaq304xGllqgQvS1ZywYz8BZ_aY_E</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2188081209</pqid></control><display><type>article</type><title>A complete formalized knowledge representation model for advanced digital forensics timeline analysis</title><source>arXiv.org</source><source>Free E- Journals</source><creator>Chabot, Yoan ; Bertaux, Aurélie ; Nicollea, Christophe ; Kechadi, Tahar</creator><creatorcontrib>Chabot, Yoan ; Bertaux, Aurélie ; Nicollea, Christophe ; Kechadi, Tahar</creatorcontrib><description>Having a clear view of events that occurred over time is a difficult objective to achieve in digital investigations (DI). Event reconstruction, which allows investigators to understand the timeline of a crime, is one of the most important step of a DI process. This complex task requires exploration of a large amount of events due to the pervasiveness of new technologies nowadays. Any evidence produced at the end of the investigative process must also meet the requirements of the courts, such as reproducibility, verifiability, validation, etc. For this purpose, we propose a new methodology, supported by theoretical concepts, that can assist investigators through the whole process including the construction and the interpretation of the events describing the case. The proposed approach is based on a model which integrates knowledge of experts from the fields of digital forensics and software development to allow a semantically rich representation of events related to the incident. The main purpose of this model is to allow the analysis of these events in an automatic and efficient way. This paper describes the approach and then focuses on the main conceptual and formal aspects: a formal incident modelization and operators for timeline reconstruction and analysis.</description><identifier>EISSN: 2331-8422</identifier><identifier>DOI: 10.48550/arxiv.1903.01396</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Computer forensics ; Computer Science - Computers and Society ; Computer Science - Cryptography and Security ; Computer Science - Learning ; Crime ; Criminal investigations ; Forensic computing ; Forensic sciences ; Knowledge representation ; New technology ; Reconstruction ; Reproducibility ; Software development</subject><ispartof>arXiv.org, 2019-02</ispartof><rights>2019. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><rights>http://arxiv.org/licenses/nonexclusive-distrib/1.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,780,784,885,27925</link.rule.ids><backlink>$$Uhttps://doi.org/10.1016/j.diin.2014.05.009$$DView published paper (Access to full text may be restricted)$$Hfree_for_read</backlink><backlink>$$Uhttps://doi.org/10.48550/arXiv.1903.01396$$DView paper in arXiv$$Hfree_for_read</backlink></links><search><creatorcontrib>Chabot, Yoan</creatorcontrib><creatorcontrib>Bertaux, Aurélie</creatorcontrib><creatorcontrib>Nicollea, Christophe</creatorcontrib><creatorcontrib>Kechadi, Tahar</creatorcontrib><title>A complete formalized knowledge representation model for advanced digital forensics timeline analysis</title><title>arXiv.org</title><description>Having a clear view of events that occurred over time is a difficult objective to achieve in digital investigations (DI). Event reconstruction, which allows investigators to understand the timeline of a crime, is one of the most important step of a DI process. This complex task requires exploration of a large amount of events due to the pervasiveness of new technologies nowadays. Any evidence produced at the end of the investigative process must also meet the requirements of the courts, such as reproducibility, verifiability, validation, etc. For this purpose, we propose a new methodology, supported by theoretical concepts, that can assist investigators through the whole process including the construction and the interpretation of the events describing the case. The proposed approach is based on a model which integrates knowledge of experts from the fields of digital forensics and software development to allow a semantically rich representation of events related to the incident. The main purpose of this model is to allow the analysis of these events in an automatic and efficient way. This paper describes the approach and then focuses on the main conceptual and formal aspects: a formal incident modelization and operators for timeline reconstruction and analysis.</description><subject>Computer forensics</subject><subject>Computer Science - Computers and Society</subject><subject>Computer Science - Cryptography and Security</subject><subject>Computer Science - Learning</subject><subject>Crime</subject><subject>Criminal investigations</subject><subject>Forensic computing</subject><subject>Forensic sciences</subject><subject>Knowledge representation</subject><subject>New technology</subject><subject>Reconstruction</subject><subject>Reproducibility</subject><subject>Software development</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2019</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><sourceid>GOX</sourceid><recordid>eNotkMtqwzAQRUWh0JDmA7qqoGunetrWMoS-INBN9mYsj4JS23IlJ2369XXSMosLw-FyOYTccbZUpdbsEeK3Py65YXLJuDT5FZkJKXlWKiFuyCKlPWNM5IXQWs4IrqgN3dDiiNSF2EHrf7ChH334arHZIY04REzYjzD60NMuNNieSQrNEXo7sY3f-REuT-yTt4mOvsPW90ihh_aUfLol1w7ahIv_nJPt89N2_Zpt3l_e1qtNBlqYTLm8qbkrwGpujWWCG5Xz6WwtleaFQ-G4UlwZW4Cz1mBeq7oxIEHWtVZyTu7_ai8OqiH6DuKpOruoLi4m4uGPGGL4PGAaq304xGllqgQvS1ZywYz8BZ_aY_E</recordid><startdate>20190221</startdate><enddate>20190221</enddate><creator>Chabot, Yoan</creator><creator>Bertaux, Aurélie</creator><creator>Nicollea, Christophe</creator><creator>Kechadi, Tahar</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20190221</creationdate><title>A complete formalized knowledge representation model for advanced digital forensics timeline analysis</title><author>Chabot, Yoan ; Bertaux, Aurélie ; Nicollea, Christophe ; Kechadi, Tahar</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a529-4f6db1f7ac51c9c0219461616cb34517fe2f144149c7afcc9e6b4bd9a3a3bb543</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2019</creationdate><topic>Computer forensics</topic><topic>Computer Science - Computers and Society</topic><topic>Computer Science - Cryptography and Security</topic><topic>Computer Science - Learning</topic><topic>Crime</topic><topic>Criminal investigations</topic><topic>Forensic computing</topic><topic>Forensic sciences</topic><topic>Knowledge representation</topic><topic>New technology</topic><topic>Reconstruction</topic><topic>Reproducibility</topic><topic>Software development</topic><toplevel>online_resources</toplevel><creatorcontrib>Chabot, Yoan</creatorcontrib><creatorcontrib>Bertaux, Aurélie</creatorcontrib><creatorcontrib>Nicollea, Christophe</creatorcontrib><creatorcontrib>Kechadi, Tahar</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science &amp; Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection><collection>arXiv Computer Science</collection><collection>arXiv.org</collection><jtitle>arXiv.org</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Chabot, Yoan</au><au>Bertaux, Aurélie</au><au>Nicollea, Christophe</au><au>Kechadi, Tahar</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>A complete formalized knowledge representation model for advanced digital forensics timeline analysis</atitle><jtitle>arXiv.org</jtitle><date>2019-02-21</date><risdate>2019</risdate><eissn>2331-8422</eissn><abstract>Having a clear view of events that occurred over time is a difficult objective to achieve in digital investigations (DI). Event reconstruction, which allows investigators to understand the timeline of a crime, is one of the most important step of a DI process. This complex task requires exploration of a large amount of events due to the pervasiveness of new technologies nowadays. Any evidence produced at the end of the investigative process must also meet the requirements of the courts, such as reproducibility, verifiability, validation, etc. For this purpose, we propose a new methodology, supported by theoretical concepts, that can assist investigators through the whole process including the construction and the interpretation of the events describing the case. The proposed approach is based on a model which integrates knowledge of experts from the fields of digital forensics and software development to allow a semantically rich representation of events related to the incident. The main purpose of this model is to allow the analysis of these events in an automatic and efficient way. This paper describes the approach and then focuses on the main conceptual and formal aspects: a formal incident modelization and operators for timeline reconstruction and analysis.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><doi>10.48550/arxiv.1903.01396</doi><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2019-02
issn 2331-8422
language eng
recordid cdi_arxiv_primary_1903_01396
source arXiv.org; Free E- Journals
subjects Computer forensics
Computer Science - Computers and Society
Computer Science - Cryptography and Security
Computer Science - Learning
Crime
Criminal investigations
Forensic computing
Forensic sciences
Knowledge representation
New technology
Reconstruction
Reproducibility
Software development
title A complete formalized knowledge representation model for advanced digital forensics timeline analysis
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-29T11%3A37%3A07IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_arxiv&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20complete%20formalized%20knowledge%20representation%20model%20for%20advanced%20digital%20forensics%20timeline%20analysis&rft.jtitle=arXiv.org&rft.au=Chabot,%20Yoan&rft.date=2019-02-21&rft.eissn=2331-8422&rft_id=info:doi/10.48550/arxiv.1903.01396&rft_dat=%3Cproquest_arxiv%3E2188081209%3C/proquest_arxiv%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2188081209&rft_id=info:pmid/&rfr_iscdi=true