TY - GEN
T1 - An Ontology Engineering Case Study for Advanced Digital Forensic Analysis
AU - Chikul, Pavel
AU - Bahsi, Hayretdin
AU - Maennel, Olaf
N1 - Publisher Copyright:
© 2021, Springer Nature Switzerland AG.
PY - 2021
Y1 - 2021
N2 - Digital forensics faces serious challenges at present. These include ever-increasing volumes of data to be processed, the heterogeneous nature of evidentiary artifacts, multiple mutually incompatible data sources, and more. Most commonly used forensic tools do not provide an intuitive and convenient way of accessing the data. At the same time, storage types such as relational databases cannot fully satisfy the need to store heterogeneous objects and efficiently provide access to specific properties. In this paper, we present an ontology-based approach to processing digital evidence and handling the course of a digital investigation. The proposed system, named ForensicFlow, provides means of automatic artifact extraction from different origin sources, namely volatile and non-volatile memory, and reconstruction of event-artifact graphs in order to assist forensic experts in quickly and efficiently outlining the scope of an incident and conducting an investigation.
AB - Digital forensics faces serious challenges at present. These include ever-increasing volumes of data to be processed, the heterogeneous nature of evidentiary artifacts, multiple mutually incompatible data sources, and more. Most commonly used forensic tools do not provide an intuitive and convenient way of accessing the data. At the same time, storage types such as relational databases cannot fully satisfy the need to store heterogeneous objects and efficiently provide access to specific properties. In this paper, we present an ontology-based approach to processing digital evidence and handling the course of a digital investigation. The proposed system, named ForensicFlow, provides means of automatic artifact extraction from different origin sources, namely volatile and non-volatile memory, and reconstruction of event-artifact graphs in order to assist forensic experts in quickly and efficiently outlining the scope of an incident and conducting an investigation.
KW - Digital forensics
KW - Event reconstruction
KW - Ontology
KW - Ransomware
KW - Semantic web
UR - http://www.scopus.com/inward/record.url?scp=85111350619&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85111350619&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-78428-7_6
DO - 10.1007/978-3-030-78428-7_6
M3 - Conference contribution
AN - SCOPUS:85111350619
SN - 9783030784270
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 67
EP - 74
BT - Model and Data Engineering - 10th International Conference, MEDI 2021, Proceedings
A2 - Attiogbé, Christian
A2 - Ben Yahia, Sadok
PB - Springer Science and Business Media Deutschland GmbH
T2 - 10th International Conference on Model and Data Engineering, MEDI 2021
Y2 - 21 June 2021 through 23 June 2021
ER -