Abstract [eng]
Digital forensics is the process of identifying, collecting, preserving, analysing and presenting in court digital evidence that has been found on digital devices. To obtain digital evidence during the investigation of a digital crime, the timeline must be reconstructed. The timeline also helps determine the activities that a user performed on a particular system. Literature studies show that numerous approaches have been developed for timeline reconstruction to assist digital practitioners in understanding the timeline, interpreting the information and collecting digital evidence, but none of them was able to address the challenges faced by digital investigators, the exploration of the evidence and the understandability of the timeline in a competent way. During the reconstruction of the timeline, digital investigators encounter various new terminologies because of continuous innovations in technologies, the heterogeneity of data and many other issues. Moreover, digital forensics tools generate an unstructured timeline from numerous sources of data. In such cases, the time required to find and interpret the cause of a potential digital incident can be affected by the complexity involved in understanding the meaning of newly encountered terminologies. To address these issues and assist digital investigators during the investigation of digital crime, two approaches have been developed that contribute to this field of research: first, an abstraction-based approach for the analysis of the timeline, and second, an ontology to define terminologies newly encountered during the analysis of the timeline.