Interactive Temporal Digital Forensic Event Analysis

  • Conference paper
Advances in Digital Forensics XVI (DigitalForensics 2020)

Part of the book series: IFIP Advances in Information and Communication Technology (IFIPAICT, volume 589)

Abstract

Current digital forensic tools and applications lack the capability to visually present high-level system events and their associated low-level traces in a user-interpretable form. This chapter describes the Temporal Analysis Integration Management Application (TAIMA), an interactive graphical user interface that renders graph-based information visualizations for digital forensic event reconstruction. By leveraging correlation and abstraction as core functions, TAIMA reduces the manual, labor-intensive efforts needed to conduct timeline analyses during digital forensic examinations. A pilot usability study conducted to evaluate TAIMA supports the claim that correlation and abstraction of low-level events into high-level system events can enhance digital forensic examinations.

Author information

Correspondence to Gilbert Peterson.

Copyright information

© 2020 IFIP International Federation for Information Processing

About this paper

Cite this paper

Adderley, N., Peterson, G. (2020). Interactive Temporal Digital Forensic Event Analysis. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XVI. DigitalForensics 2020. IFIP Advances in Information and Communication Technology, vol 589. Springer, Cham. https://doi.org/10.1007/978-3-030-56223-6_3

  • DOI: https://doi.org/10.1007/978-3-030-56223-6_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-56222-9

  • Online ISBN: 978-3-030-56223-6

  • eBook Packages: Computer Science, Computer Science (R0)
