2009
DOI: 10.1016/j.diin.2009.06.008

Computer forensic timeline visualization tool

Abstract: is indexed by their time variables and plotted on a timeline. We believed that this way of visualizing the evidence allows the investigators to find coherent evidence faster and more intuitively. We have performed a user test where a group of people has evaluated our prototype tool against a modern commercial computer forensic tool and the results of this preliminary test are very promising. The results show that users completed the task in shorter time, with greater accuracy and with less errors using CyberFo…

Cited by 81 publications
(52 citation statements)
References 3 publications
“…It introduces a set of extractors to collect events and store them in a database, which quickly generates a temporal ordered sequence of events. These automatic extractors, a widely used concept, can also generate the timeline as in FORE (Schatz et al, 2004), FACE (Case et al, 2008), CyberForensic TimeLab (Olsson and Boldt, 2009), Plaso and PyDFT (Hargreaves and Patterson, 2012). However, in some approaches including (Gladyshev and Patel, 2004) and (James et al, 2010), the lack of automation seems difficult to address and they present very high complexity (combinatorial explosion).…”
Section: Data Volume (mentioning)
confidence: 99%
“…In this proposal, (Olsson & Boldt, 2009) discuss the need for a system to view and navigate the data related to an investigation in an intuitive way to discover evidence. To reach this objective, the tool Cyber-Forensic TimeLab described in this work extracts timestamps found in a machine or a group of machines, builds the timeline and then provides a graphical view of all the events.…”
Section: Cftl: Cyber-forensic Timelab (mentioning)
confidence: 99%
“…But not all times are helpful, and it is useful to distinguish categories of times. Visualization of time data is not discussed here, though it is important and there are several good methods [4].…”
Section: Time Analysis (mentioning)
confidence: 99%