An Ontology-Based Approach for the Reconstruction and Analysis of Digital Incidents Timelines

Authors: Yoan Chabot (1), Aurélie Bertaux (2), Christophe Nicolle (3), Tahar Kechadi (4)

Affiliations:
1 Le2i - CheckSem
School of Computer Science and Informatics [Dublin], Le2i - Laboratoire Electronique, Informatique et Image [UMR6303]
3 Checksem
Le2i - Laboratoire Electronique, Informatique et Image [UMR6303]
Abstract: Due to the democratisation of new technologies, computer forensics investigators have to deal with volumes of data which are becoming increasingly large and heterogeneous. Indeed, on a single machine, hundreds of events occur per minute, produced and logged by the operating system and various software. Therefore, the identification of evidence, and more generally the reconstruction of past events, is a tedious and time-consuming task for investigators. Our work aims at automatically reconstructing and analysing the events related to a digital incident, while respecting legal requirements. To tackle these three main problems (volume, heterogeneity and legal requirements), we identify seven necessary criteria that an efficient reconstruction tool must meet to address these challenges. This paper introduces an approach based on a three-layered ontology, called ORD2I, to represent any digital event. ORD2I is associated with a set of operators to analyse the resulting timeline and to ensure the reproducibility of the investigation.
Document type:
Journal article
Digital Investigation, Elsevier, 2015, Digital Investigation, Special Issue on Big Data and Intelligent Data Analysis, pp.18

https://hal.archives-ouvertes.fr/hal-01176091
Contributor: Yoan Chabot <>
Submitted on: Tuesday 14 July 2015 - 17:18:11
Last modified on: Friday 7 December 2018 - 16:50:03

Identifiers

  • HAL Id : hal-01176091, version 1

Citation

Yoan Chabot, Aurélie Bertaux, Christophe Nicolle, Tahar Kechadi. An Ontology-Based Approach for the Reconstruction and Analysis of Digital Incidents Timelines. Digital Investigation, Elsevier, 2015, Digital Investigation, Special Issue on Big Data and Intelligent Data Analysis, pp.18. 〈hal-01176091〉
