Event reconstruction using temporal pattern of file system modification.

Bibliographic Details
Title: Event reconstruction using temporal pattern of file system modification.
Authors: Soltani, Somayeh, Seno, Seyed Amin Hosseini, Sadoghi Yazdi, Hadi
Source: IET Information Security (Wiley-Blackwell); May2019, Vol. 13 Issue 3, p201-212, 12p
Subject Terms: HARD disks, DIGITAL forensics, ARTIFICIAL intelligence, IMAGE reconstruction, REGRESSION analysis
Abstract: Nowadays, several digital forensic tools extract a lot of low‐level information from different parts of the system. Constructing high‐level information from low‐level ones is very challenging. This study reconstructs high‐level events by using the traces of applications that are found in the file system metadata. In this regard, an event reconstruction framework is proposed that determines which applications have been run on a compromised system. The proposed framework works in two phases. In the training phase, the signatures of various applications are constructed. The signature of an application is the temporal pattern of file system modification of the application. In the detection phase, at first, the temporal pattern of file system modification of the hard disk (TPFSM‐D) of the compromised system is constructed. Then in order to determine whether a particular application has been run on the compromised system, the distance between the signature of the application and the TPFSM‐D of the hard disk is calculated by using a proposed distance measure. Finally, a decision engine decides whether the application has been run on the compromised system. The proposed event reconstruction framework has been tested on different scenarios. The empirical results suggest that the framework is effective in reconstructing events. [ABSTRACT FROM AUTHOR]
Copyright of IET Information Security (Wiley-Blackwell) is the property of Wiley-Blackwell and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Complementary Index
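The two-phase pipeline the abstract describes (train a per-application signature, build the compromised disk's TPFSM-D, score each signature against it with a distance measure, then let a decision engine threshold the score), as an added example in Python. This is not the authors' code: the abstract does not give the paper's signature representation, distance measure or decision rule, so the ones used here (a signature as the paths an application always modifies, with their mean offsets from its first modification; distance as one minus the best-aligned fraction of signature events the disk reproduces within a tolerance; a fixed cut-off) are this example's own assumptions, and the training runs and disk timeline are constructed sample data.

```python
"""Toy event reconstruction from file-system modification timestamps.

Signature representation, distance measure, tolerance and threshold are
assumptions of this example, not the paper's method.  All data is constructed.
"""
from typing import Dict, List, Tuple

# One file-system metadata record: (path, last-modification time in seconds).
# A real tool would pull these from $MFT / inode tables (e.g. fls + mactime).
Record = Tuple[str, float]
# A signature: (path, offset from the application's first modification), by offset.
Signature = List[Tuple[str, float]]


def build_signature(training_runs: List[List[Record]]) -> Signature:
    """Training phase: learn one application's temporal pattern.

    Assumption: keep only paths modified in *every* clean-machine run, with the
    mean offset from that run's first modification; paths seen in some runs
    only (caches, rotated logs) are treated as noise and dropped.
    """
    per_run: List[Dict[str, float]] = []
    for run in training_runs:
        t0 = min(t for _, t in run)
        per_run.append({p: t - t0 for p, t in run})
    common = set.intersection(*(set(d) for d in per_run))
    sig = [(p, sum(d[p] for d in per_run) / len(per_run)) for p in common]
    return sorted(sig, key=lambda pt: pt[1])


def tpfsm_d(disk_records: List[Record]) -> Dict[str, List[float]]:
    """Detection phase, step 1: the disk's own temporal pattern (TPFSM-D),
    indexed by path so the distance computation can look up times cheaply."""
    index: Dict[str, List[float]] = {}
    for p, t in disk_records:
        index.setdefault(p, []).append(t)
    return index


def distance(sig: Signature, disk: Dict[str, List[float]], tol: float = 2.0) -> float:
    """Detection phase, step 2: an assumed distance in [0, 1].

    Slide the signature over every disk modification of its first path (the
    candidate anchor), count signature events reproduced within `tol` seconds
    of their expected time, and return 1 - best fraction.  0.0 is a perfect
    replay of the pattern; 1.0 means nothing on the disk matches it.
    """
    if not sig:
        return 1.0
    first_path, first_off = sig[0]
    best = 0.0
    for anchor in disk.get(first_path, []):
        start = anchor - first_off
        hits = sum(1 for p, off in sig
                   if any(abs(t - (start + off)) <= tol for t in disk.get(p, [])))
        best = max(best, hits / len(sig))
    return 1.0 - best


def decide(signatures: Dict[str, Signature], disk_records: List[Record],
           threshold: float = 0.5) -> Dict[str, Tuple[float, bool]]:
    """Detection phase, step 3: the decision engine.  An application is judged
    to have run when its distance falls below `threshold` (an assumed cut-off)."""
    disk = tpfsm_d(disk_records)
    verdicts = {}
    for name, sig in signatures.items():
        d = distance(sig, disk)
        verdicts[name] = (d, d < threshold)
    return verdicts


# Constructed training data: two clean runs per application; offsets jitter a
# little between runs, and "wiper" shares the lock file with "archiver".
TRAINING: Dict[str, List[List[Record]]] = {
    "archiver": [
        [("/tmp/arch.lock", 100.0), ("/etc/archiver/config.ini", 101.0),
         ("/home/u/Documents/out.zip", 104.0), ("/home/u/.local/share/archiver/recent.dat", 105.0)],
        [("/tmp/arch.lock", 500.0), ("/etc/archiver/config.ini", 501.5),
         ("/home/u/Documents/out.zip", 504.5), ("/home/u/.local/share/archiver/recent.dat", 505.5),
         ("/home/u/.cache/archiver/cache.tmp", 506.0)],   # noise: seen in one run only
    ],
    "wiper": [
        [("/tmp/arch.lock", 200.0), ("/opt/wiper/state.db", 200.5), ("/home/u/Documents/shred.log", 203.0)],
        [("/tmp/arch.lock", 700.0), ("/opt/wiper/state.db", 700.5), ("/home/u/Documents/shred.log", 703.0)],
    ],
}

# Constructed compromised-disk timeline: one archiver run around t=1000 whose
# output archive was later deleted, an earlier unrelated touch of the shared
# lock file, and unrelated background activity.  No wiper-specific files.
DISK: List[Record] = [
    ("/tmp/arch.lock", 300.0),
    ("/home/u/.bash_history", 999.0),
    ("/tmp/arch.lock", 1000.0),
    ("/etc/archiver/config.ini", 1001.2),
    ("/home/u/.local/share/archiver/recent.dat", 1005.0),
    ("/var/log/syslog", 1009.0),
]


def reconstruct() -> Dict[str, Tuple[float, bool]]:
    """Run both phases on the constructed data and return {app: (distance, ran?)}."""
    sigs = {name: build_signature(runs) for name, runs in TRAINING.items()}
    return decide(sigs, DISK)


if __name__ == "__main__":
    for app, (d, ran) in reconstruct().items():
        print(f"{app:10s} distance={d:.3f} ran={ran}")
```

On this data the archiver scores 0.25 (three of four signature events are reproduced at the t=1000 anchor; the t=300 anchor is tried and loses) and is judged to have run, while the wiper scores about 0.667 because only the shared lock file matches, so the overlap in one path does not produce a false positive. Two caveats a practitioner would add: the tolerance has to absorb real timestamp granularity and clock drift, and mtime-only patterns are defeated by timestamp manipulation, so verdicts should be corroborated with metadata the application cannot rewrite as easily (on NTFS, the $UsnJrnl and $LogFile change records).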