DocumentCode :
175369
Title :
Addressing the Increasing Volume and Variety of Digital Evidence Using an Ontology
Author :
Brady, Owen ; Overill, Richard ; Keppens, Jeroen
Author_Institution :
Dept. of Inf., King's Coll., London, UK
fYear :
2014
fDate :
24-26 Sept. 2014
Firstpage :
176
Lastpage :
183
Abstract :
The field of digital evidence must contend with an increasing number of devices to be examined paralleled with increasing diversity. Examiners face a battle to understand what artefacts may exist on these devices. Further, many current forensic tools look to comprehensively examine sources of digital evidence which can generate large amounts of, often spurious, data with no easy means of correlation. This paper proposes the use of an ontology - the Digital Evidence Semantic Ontology (DESO) - that allows an examiner to quickly discover what artefacts may be available on a device before time-consuming processes are commenced - preventing the generation of data that may have no practical value for an investigation. The ontology is then used to classify this data so that equivalent artefacts across devices can be compared to make connections. It demonstrates how this ontology can be adapted to keep track of changes in technology and how it can be used in a laboratory environment.
Keywords :
digital forensics; ontologies (artificial intelligence); public administration; DESO; data generation; digital evidence semantic ontology; forensic tools; laboratory environment; Availability; Forensics; Object recognition; Ontologies; Operating systems; Telephone sets; Universal Serial Bus; artefact; digital evidence; forensic; investigation; ontology; variety; volume;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint
Conference_Location :
The Hague
Print_ISBN :
978-1-4799-6363-8
Type :
conf
DOI :
10.1109/JISIC.2014.34
Filename :
6975570