| Title |
An ontology based on the timeline of Log2timeline and Psort using abstraction approach in digital forensics / |
| Authors |
Bhandari, Sandeepak ; Jusas, Vacius |
| DOI |
10.3390/sym12040642 |
| Full Text |
|
| Is Part of |
Symmetry.. Basel : MDPI. 2020, vol. 12, iss. 4, art. no. 642, p. 1-24.. ISSN 2073-8994 |
| Keywords [eng] |
digital forensics ; ontology ; symmetry properties ; timeline ; abstraction ; operating system ; events and artifacts |
| Abstract [eng] |
Digital forensics practitioners encounter numerous new terminologies during time-intensive digital investigation processes because of the explosive growth of the web, an immense amount of data, and rapid changes in technology. In such a scenario, the time needed to find and interpret the cause of the potential digital incident can be affected by the complexity involved in understanding the meaning of newly encountered terminologies. Although various approaches have been designed to assist digital practitioners in understanding the newly encountered terminologies during the investigation of the accident, none of them is capable of supporting investigators to interpret new terminologies. Our work focuses on reconstructing and analyzing the timeline of events and artifacts backed by the abstraction concept to help practitioners in reasoning about the perceived meaning of different digital forensics terminologies that are encountered during the investigation. This paper introduces an ontological approach based on the abstraction concept to reconstruct the timeline provided by command-based digital forensic tools, i.e., Log2timeline and Psort in the L2TCSV format, and assist in resolving the meaning of new encountered concepts. The performed experiments show that the novel methodology is capable of enhancing the timeline and assisting practitioners in determining the significance of encountered terminologies or concepts. |
| Published |
Basel : MDPI |
| Type |
Journal article |
| Language |
English |
| Publication date |
2020 |
| CC license |
|
