DocumentCode
175369
Title
Addressing the Increasing Volume and Variety of Digital Evidence Using an Ontology
Author
Brady, Owen ; Overill, Richard ; Keppens, Jeroen
Author_Institution
Dept. of Inf., King's Coll., London, UK
fYear
2014
fDate
24-26 Sept. 2014
Firstpage
176
Lastpage
183
Abstract
The field of digital evidence must contend with an increasing number of devices to be examined paralleled with increasing diversity. Examiners face a battle to understand what artefacts may exist on these devices. Further, many current forensic tools look to comprehensively examine sources of digital evidence which can generate large amounts of, often spurious, data with no easy means of correlation. This paper proposes the use of an ontology - the Digital Evidence Semantic Ontology (DESO) - that allows an examiner to quickly discover what artefacts may be available on a device before time-consuming processes are commenced - preventing the generation of data that may have no practical value for an investigation. The ontology is then used to classify this data so that equivalent artefacts across devices can be compared to make connections. It demonstrates how this ontology can be adapted to keep track of changes in technology and how it can be used in a laboratory environment.
Keywords
digital forensics; ontologies (artificial intelligence); public administration; DESO; data generation; digital evidence semantic ontology; forensic tools; laboratory environment; Availability; Forensics; Object recognition; Ontologies; Operating systems; Telephone sets; Universal Serial Bus; artefact; digital evidence; forensic; investigation; ontology; variety; volume;
fLanguage
English
Publisher
ieee
Conference_Titel
Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint
Conference_Location
The Hague
Print_ISBN
978-1-4799-6363-8
Type
conf
DOI
10.1109/JISIC.2014.34
Filename
6975570