Abstract
Digital forensics currently faces serious challenges: the ever-increasing volume of data to be processed, the heterogeneous nature of evidentiary artifacts, multiple data sources that are incompatible with each other, and more. Most commonly used forensic tools do not provide an intuitive and convenient way of accessing the data. At the same time, storage types such as relational databases cannot fully satisfy the need to store heterogeneous objects and to provide efficient access to specific properties. In this paper, we present an ontology-based approach to processing digital evidence and managing the course of a digital investigation. The proposed system, named ForensicFlow, automatically extracts artifacts from different sources, namely volatile and non-volatile memory, and reconstructs event-artifact graphs in order to assist forensic experts in quickly and efficiently outlining the scope of an incident and conducting an investigation.
This work, carried out within the project “ICT programme”, was partly supported by the European Union through the European Social Fund.
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Chikul, P., Bahsi, H., Maennel, O. (2021). An Ontology Engineering Case Study for Advanced Digital Forensic Analysis. In: Attiogbé, C., Ben Yahia, S. (eds) Model and Data Engineering. MEDI 2021. Lecture Notes in Computer Science, vol 12732. Springer, Cham. https://doi.org/10.1007/978-3-030-78428-7_6
DOI: https://doi.org/10.1007/978-3-030-78428-7_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-78427-0
Online ISBN: 978-3-030-78428-7
eBook Packages: Computer Science (R0)