Abstract

Digital forensics practitioners encounter many unfamiliar terms during time-intensive investigations because of the explosive growth of the web, the immense amount of data, and rapid changes in technology. The time needed to find and interpret the cause of a potential digital incident is therefore affected by the effort required to understand each newly encountered term. Although various approaches have been designed to assist practitioners with unfamiliar terms encountered during an investigation, none of them supports investigators in interpreting those terms. Our work reconstructs and analyzes the timeline of events and artifacts, backed by the concept of abstraction, to help practitioners reason about the meaning of the digital forensics terms they encounter during an investigation. This paper introduces an ontological approach, based on abstraction, that reconstructs the timeline produced by command-line digital forensic tools, i.e., Log2timeline and Psort in the L2TCSV format, and assists in resolving the meaning of newly encountered concepts. The experiments performed show that the methodology enhances the timeline and helps practitioners determine the significance of the terms or concepts they encounter.
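To make the approach concrete, the following added example (written for this page, not code from the paper or from the plaso project) parses psort output in the L2TCSV format, rebuilds the timeline in chronological order, decodes the MACB flags, and resolves the terms found in each event against a small hand-written concept dictionary that stands in for the paper's ontology. Each term maps to a one-line meaning and to a more abstract parent concept, so a practitioner can walk up the abstraction chain when a term is unfamiliar. The 17-column header is assumed to be the one plaso's l2tcsv output module writes; the sample rows, the concept dictionary, and the function names are constructed for this example.

```python
import csv
import io
from datetime import datetime, timezone

# Column order of the l2tcsv output written by psort (assumed: plaso's
# documented 17-field l2tcsv layout).
L2TCSV_FIELDS = [
    "date", "time", "timezone", "MACB", "source", "sourcetype", "type",
    "user", "host", "short", "desc", "version", "filename", "inode",
    "notes", "format", "extra",
]

# Constructed sample rows, deliberately out of time order, in the shape
# psort emits for a Windows image. Not real case data.
SAMPLE_L2TCSV = (
    "date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,"
    "version,filename,inode,notes,format,extra\n"
    "06/14/2021,09:15:40,UTC,...B,REG,UserAssist Registry Key,Creation Time,-,"
    "WIN10-LAB,UserAssist key,UserAssist entry for invoice.docx,2,"
    "C:/Users/alice/NTUSER.DAT,-,-,winreg/userassist,-\n"
    "06/14/2021,09:12:03,UTC,M...,FILE,NTFS $MFT entry,Content Modification Time,"
    "-,WIN10-LAB,invoice.docx,$MFT entry modified,2,"
    "C:/Users/alice/Downloads/invoice.docx,1543,-,filestat,-\n"
    "06/14/2021,09:12:05,UTC,..C.,FILE,NTFS $MFT entry,Metadata Modification Time,"
    "-,WIN10-LAB,invoice.docx,$MFT entry metadata changed,2,"
    "C:/Users/alice/Downloads/invoice.docx,1543,-,filestat,-\n"
)

# Hand-written concept dictionary standing in for the paper's ontology
# (constructed for this example; the paper's ontology is not reproduced).
# term -> (meaning, more abstract parent concept)
ONTOLOGY = {
    "$MFT": ("NTFS Master File Table, one record per file or directory",
             "file system artifact"),
    "UserAssist": ("Registry key recording GUI program execution per user",
                   "program execution artifact"),
    "filestat": ("plaso parser that reports file system timestamps", "parser"),
    "winreg/userassist": ("plaso plugin that parses UserAssist keys", "parser"),
    "file system artifact": ("artifact produced by the file system itself",
                             "artifact"),
    "program execution artifact": ("evidence that a program was run", "artifact"),
    "parser": ("Log2timeline component that extracted the event", "tool component"),
}

# Meaning of each position in the four-character MACB column.
MACB_MEANING = {"M": "modified", "A": "accessed",
                "C": "metadata changed", "B": "born (created)"}


def parse_l2tcsv(text):
    """Parse l2tcsv text into event dicts sorted by timestamp."""
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames != L2TCSV_FIELDS:
        raise ValueError("not an l2tcsv header: %r" % (reader.fieldnames,))
    events = []
    for row in reader:
        ts = datetime.strptime(row["date"] + " " + row["time"], "%m/%d/%Y %H:%M:%S")
        if row["timezone"] == "UTC":
            ts = ts.replace(tzinfo=timezone.utc)
        row["timestamp"] = ts
        # Decode "M..." / "..C." / "...B" into the timestamp types it flags.
        row["macb_flags"] = [MACB_MEANING[c] for c in row["MACB"] if c != "."]
        events.append(row)
    return sorted(events, key=lambda e: e["timestamp"])


def resolve_concepts(event, ontology=ONTOLOGY):
    """Find ontology terms in an event and return (term, meaning, chain)
    where chain walks from the term up to its most abstract ancestor."""
    text = " ".join([event["sourcetype"], event["format"], event["desc"]])
    resolved = []
    for term, (meaning, parent) in ontology.items():
        if term not in text:
            continue
        chain = [term]
        while parent in ontology:
            chain.append(parent)
            parent = ontology[parent][1]
        chain.append(parent)
        resolved.append((term, meaning, chain))
    return resolved


if __name__ == "__main__":
    for ev in parse_l2tcsv(SAMPLE_L2TCSV):
        print(ev["timestamp"].isoformat(), ev["macb_flags"], ev["sourcetype"])
        for term, meaning, chain in resolve_concepts(ev):
            print("    %s: %s  [%s]" % (term, meaning, " > ".join(chain)))
```

Run against real psort output by replacing `SAMPLE_L2TCSV` with the file contents; the header check rejects other psort output formats (e.g. dynamic), which do not carry the fixed 17 columns.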

Highlights

  • Digital forensics practitioners face the constant challenge of keeping up with innovation in technologies such as Windows, Android, and iPhone based devices

  • If digital forensics approaches are designed to help investigators resolve the meaning of newly encountered terms during an investigation, the time needed to find and analyze the cause of a digital incident can be reduced substantially; this is the objective of the paper

  • The evaluation applies the abstraction-based approach to devices running each of these three operating systems, presenting a reconstructed timeline and a corresponding ontology for each


Summary

Introduction

Digital forensics practitioners face the constant challenge of keeping up with innovation in technologies such as Windows, Android, and iPhone based devices. Investigating these devices to obtain meaningful information is very time-consuming because of the enormous amount and diversity of data, rapid innovation in technology, and the fast growth of the internet. During an investigation, investigators come across many new terms, and the time needed to find and analyze the cause of a digital incident is influenced by the effort required to determine what each newly encountered term means. If digital forensics approaches are designed to help investigators resolve the meaning of newly encountered terms during the investigation, the time needed to find and analyze the cause of the incident can be reduced substantially; this is the objective of our paper. To define new terms within a particular domain, an ontology is the appropriate approach.

