Abstract
Acquiring a clear perspective of the events and artefacts that occur over time is a challenging objective in digital forensics. Reconstructing the timeline of events and artefacts, which enables digital investigators to understand the timeline of a digital crime and to interpret the conclusion in the form of digital evidence, is one of the most important and challenging tasks in digital forensics. This task requires the analysis of immense numbers of events because of the explosive growth of the internet, interconnected devices, and new technologies. Various approaches have been developed during the last decade, but most of them cannot handle huge volumes of data, explore evidence, and improve the understandability of timelines competently enough to assist the investigator. For this purpose, we introduce a methodology backed by an abstraction concept and forensic tools that can support investigators during the reconstruction and understanding of the timeline of events and artefacts, and the interpretation of evidence, by tracing the activities performed by users of a typical computer system. The Java programming language is used to implement the proposed methodology, which is object-oriented and follows the definition of symmetry in software. Generally, symmetry in software can be viewed as a change that leaves a specific property of the system invariant, namely its structure, behaviour, regularity, similarity, familiarity and uniformity. Similarly, the abstraction-based methodology also permits us to follow the properties of symmetry. For instance, a uniform structure is stipulated for all the sources at a particular level of abstraction, such as the number of fields to be considered to provide the abstract level of the timeline. The primary purpose of this approach is to assist with the analysis of the timeline in an optimal way.
This paper illustrates the approach and then focuses on the conceptual aspects of the methodology. The experiment performed shows that the proposed approach enhances the analysis of the timeline.
Subject: Physics and Astronomy (miscellaneous), General Mathematics, Chemistry (miscellaneous), Computer Science (miscellaneous)