Now showing 1 - 3 of 3
  • Publication
    Reconstruction et analyse smantique de chronologies cybercriminelles
    (EGC - Association Extraction et Gestation des Connaissances, 2014-01-31) ; ; ;
    La reconstruction de scénarios est l’une des étapes les plus importantes d’une investigation numérique. Elle permet aux enquêteurs d’avoir une vue des évènements survenus durant un incident. La reconstruction de scénarios est une tâche complexe requérant l’étude d’un très grand nombre d’évènements en raison de l’omniprésence des nouvelles technologies dans notre quotidien. De plus, les conclusions produites se doivent de respecter les critères fixés par la justice. Afin de répondre à ces challenges, nous proposons une nouvelle méthodologie, basée sur une ontologie intégrant les connaissances d’experts des domaines de la criminalistique et de l’ingénierie logicielle, permettant d’assister les enquêteurs tout au long du processus d’enquête.
      77
  • Publication
    Event Reconstruction: A state of the art
    Event reconstruction is one of the most important step in digital forensic investigations. It allows investigators to have a clear view of the events that have occurred over time. Event reconstruction is a complex task which requires exploration of a large amount of events due to the pervasiveness of new technologies nowadays. Any evidence produced at the end of the investigative process must also meet the requirements of the courts, such as reproducibility, verifiability, validation, etc. After defining the most important concepts of event reconstruction, a survey of the challenges of this field and solutions proposed so far is given in this chapter.
      436
  • Publication
    Automatic Timeline Construction For Computer Forensics Purposes
    (Institute of Electrical and Electronics Engineers, 2014-09) ; ; ;
    To determine the circumstances of an incident, investigators need to reconstruct events that occurred in the past. The large amount of data spread across the crime scene makes this task very tedious and complex. In particular, the analysis of the reconstructed timeline, due to the huge quantity of events that occurred on a digital system, is almost impossible and leads to cognitive overload. Therefore, it becomes more and more necessary to develop automatic tools to help or even replace investigators in some parts of the investigation. This paper introduces a multi-layered architecture designed to assist the investigative team in the extraction of information left in the crime scene, the construction of the timeline representing the incident and the interpretation of this latter.
      424