|
Accession Number
|
ADA562672
|
|
Title
|
Analysis of Forensic Super Timelines.
|
|
Publication Date
|
Jun 2012
|
|
Media Count
|
87p
|
|
Personal Author
|
S. J. Esposito
|
|
Abstract
|
As the use and adoption of networked electronic devices grows, their use in conjunction with crimes also increases. Extracting the probative evidence from these devices requires experienced digital forensics examiners. These examiners use several specialized tools that interpret the raw binary data present in digital media. Once the evidentiary artifacts are collected, one of the examiners goals is to assemble a narrative that describes when events occurred based on the time associated with the artifacts. Unfortunately, generating and evaluating these narrative super timelines is a manual and labor intensive process. This research focuses on aiding the examiner in evaluation through the generation of several queries that can extract and connect the temporal artifacts, and produce concise timelines. Extracting and analyzing these concise timelines allows the examiner to decrease the number artifacts to search through from hundreds of thousands of artifacts to only a hundred artifacts or less. Additionally, queries that correlate various artifacts allow the examiner to confirm or deny attribution of the user's actions. Application of the queries presented on a fictitious event demonstrates their ability to reduce the number of artifacts and facilitate the understanding of the activities surrounding the incident.
|
|
Keywords
|
Artifact analysis
Artifacts
Binary notation
Crimes
Digital forensics
Digital forensics examiners
Electrical networks
Electronic equipment
Forensic analysis
Incident collection
Litigation
Manual operation
Media
Skills
Super timeline
Theses
|
|
|
Source Agency
|
Non Paid ADAS
|
|
NTIS Subject Category
|
62 - Computers, Control & Information Theory
|
|
Corporate Author
|
Air Force Inst. of Tech., Wright-Patterson AFB, OH. School of Engineering and Management.
|
|
Document Type
|
Technical report
|
|
Title Note
|
Graduate research project.
|
|
NTIS Issue Number
|
1225
|
|
Contract Number
|
N/A
|
