A complete formalized knowledge representation model for advanced digital forensics timeline analysis

Abstract: a b s t r a c tHaving a clear view of events that occurred over time is a difficult objective to achieve in digital investigations (DI). Event reconstruction, which allows investigators to understand the timeline of a crime, is one of the most important step of a DI process. This complex task requires exploration of a large amount of events due to the pervasiveness of new technologies nowadays. Any evidence produced at the end of the investigative process must also meet the requirements of the courts, such as … Show more

“…The use of an ontology allows to have a unified model to represent knowledge, allowing to easily build analysis processes. Finally, the proposed ontology allows to meet the legal requirements and especially the need for reproducibility and traceability (Chabot et al, 2014).…”

“…The first analysis tool proposed in our approach is a process (based on Chabot et al, 2014) detecting correlation between a pair of events. The correlation is a relationship with a broad semantic that covers causal relationships and other semantic links.…”

“…The components of the ontology and the logic associated to each of them are therefore mathematically defined which allow to check the coherence and the consistency of the knowledge. In addition, the ontology presented in this paper is based on formal definitions given in (Chabot et al, 2014).…”

An ontology-based approach for the reconstruction and analysis of digital incidents timelines

“…The use of an ontology allows to have a unified model to represent knowledge, allowing to easily build analysis processes. Finally, the proposed ontology allows to meet the legal requirements and especially the need for reproducibility and traceability (Chabot et al, 2014).…”

“…The first analysis tool proposed in our approach is a process (based on Chabot et al, 2014) detecting correlation between a pair of events. The correlation is a relationship with a broad semantic that covers causal relationships and other semantic links.…”

“…The components of the ontology and the logic associated to each of them are therefore mathematically defined which allow to check the coherence and the consistency of the knowledge. In addition, the ontology presented in this paper is based on formal definitions given in (Chabot et al, 2014).…”

An ontology-based approach for the reconstruction and analysis of digital incidents timelines

“…In addition, [6] argue that a formalization of the problem of event reconstruction is necessary to better structure the reconstruction process, facilitate its automation and ensure the completeness of the reconstruction. The SADFC approach answers all these points by providing several mechanisms presented in [8].…”

“…The proposed knowledge model contains entities representing a crime scene and events occurring during an incident in addition to operators allowing to acquire and manipulate this knowledge. The knowledge model and operators are formalized in [8] and are presented briefly below. Our event reconstruction process starts with the extraction of the footprints from the crime scene using extraction operators.…”

Automatic Timeline Construction and Analysis for Computer Forensics Purposes

Cloud incident handling and forensic‐by‐design: cloud storage as a case study