A Digital Forensic Framework for Automated User Activity Reconstruction

Authors: Jungin Kang, Sangwook Lee, Heejo Lee

DOI: 10.1007/978-3-642-38033-4_19

Keywords: Signature (logic), Computer science, Digital forensics, Process (computing), Personal knowledge base, Explicit knowledge, Digital artifact, Data mining, Domain (software engineering), Crime scene

Abstract: User activity reconstruction is a technique used in digital forensic investigation. Using this technique, investigators extract a list of user activities from the artifacts confiscated at the crime scene. Based on this list, explicit knowledge about the crime, such as motive, method, time, and place, can be deduced. Until now, user activity reconstruction has been conducted by manual analysis. This means that the domain of reconstructed activities is limited to the personal knowledge of the investigators, so the result exhibits low accuracy due to human errors, and the process requires an excessive amount of time. To solve these problems, this paper proposes a framework, SigDiff, for automated user activity reconstruction. SigDiff uses a signature-based approach. It comprises a signature generation module, a signature database, and an artifact collection module. With SigDiff, user activity reconstruction is performed accurately, with a high retrieval rate and a reduced time span.
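The three modules named in the abstract, as an added illustration that is not the paper's own code: it assumes a signature is the set of artifact identifiers that a known activity adds or changes (generated by diffing snapshots taken before and after the activity in a controlled environment), that the signature database maps activity names to such sets, and that collected artifacts carry a modification time; whether SigDiff generates signatures this way is an assumption, not something the abstract states.

```python
from typing import Dict, FrozenSet, List, Tuple

# Assumed model (not from the paper): a snapshot maps an artifact identifier
# (registry key, file path) to its value; a signature is the frozenset of
# identifiers a known activity adds or changes.
Snapshot = Dict[str, str]
Signature = FrozenSet[str]


def generate_signature(before: Snapshot, after: Snapshot) -> Signature:
    """Signature generation: diff two snapshots, keep artifacts new or changed."""
    return frozenset(k for k, v in after.items() if before.get(k) != v)


def build_database(runs: Dict[str, Tuple[Snapshot, Snapshot]]) -> Dict[str, Signature]:
    """Signature database: one signature per named activity from its snapshot pair."""
    return {name: generate_signature(b, a) for name, (b, a) in runs.items()}


def reconstruct(collected: Dict[str, Tuple[str, float]],
                db: Dict[str, Signature]) -> List[Tuple[float, str]]:
    """Match collected artifacts (id -> (value, mtime)) against every signature.

    An activity is reported only when all of its signature artifacts are present
    (a partial match is treated as absent), dated by the newest artifact in the
    match; the result is a time-ordered list of user activities."""
    found = []
    for name, sig in db.items():
        if sig and sig.issubset(collected):
            found.append((max(collected[k][1] for k in sig), name))
    return sorted(found)


# Constructed sample data: controlled runs for signature generation, and a
# seized-machine artifact collection to reconstruct activities from.
RUNS = {
    "usb_insert": ({"HKLM\\SYSTEM\\USBSTOR": "", "setupapi.log": "v1", "ntuser.dat": "same"},
                   {"HKLM\\SYSTEM\\USBSTOR": "Disk&Ven_X", "setupapi.log": "v2", "ntuser.dat": "same"}),
    "browser_visit": ({"History.db": "h0", "Cache/index": "c0"},
                      {"History.db": "h1", "Cache/index": "c1"}),
}
SEIZED = {
    "HKLM\\SYSTEM\\USBSTOR": ("Disk&Ven_Y", 1700000300.0),
    "setupapi.log": ("v9", 1700000350.0),
    "History.db": ("h7", 1700000100.0),  # Cache/index absent: browser_visit must not fire
}
DB = build_database(RUNS)
TIMELINE = reconstruct(SEIZED, DB)

if __name__ == "__main__":
    for when, name in TIMELINE:
        print(f"{when:.0f}\t{name}")
```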
