A framework for post-event timeline reconstruction using neural networks

Bibliographic details
Title: A framework for post-event timeline reconstruction using neural networks
Authors: Khan, M.N.A. (m.n.a.khan@sussex.ac.uk); Chatwin, C.R. (c.r.chatwin@sussex.ac.uk); Young, R.C.D. (r.c.d.young@sussex.ac.uk)
Source: Digital Investigation. Sep 2007, Vol. 4 Issue 3/4, p146-157. 12p.
Subject terms: Artificial neural networks, Computer crimes, Criminal investigation, Application software, Computer networks
Abstract: Post-event timeline reconstruction plays a critical role in forensic investigation and serves as a means of identifying evidence of the digital crime. We present an artificial neural networks based approach for post-event timeline reconstruction using the file system activities. A variety of digital forensic tools have been developed during the past two decades to assist computer forensic investigators undertaking digital timeline analysis, but most of the tools cannot handle large volumes of data efficiently. This paper looks at the effectiveness of employing neural network methodology for computer forensic analysis by preparing a timeline of relevant events occurring on a computing machine by tracing the previous file system activities. Our approach consists of monitoring the file system manipulations, capturing file system snapshots at discrete intervals of time to characterise the use of different software applications, and then using this captured data to train a neural network to recognise execution patterns of the application programs. The trained version of the network may then be used to generate a post-event timeline of a seized hard disk to verify the execution of different applications at different time intervals to assist in the identification of available evidence. [Copyright Elsevier]
Database: Supplemental Index
Publication type: Academic Journal
DOI: 10.1016/j.diin.2007.11.001
ISSN (print): 17422876
Language: English