Automatic Timeline Construction For Computer Forensics Purposes

Files in This Item:
File Description SizeFormat 
insight_publication.pdf170.59 kBAdobe PDFDownload
Title: Automatic Timeline Construction For Computer Forensics Purposes
Authors: Chabot, Yoan
Bertaux, Aurélie
Nicolle, Christophe
Kechadi, Tahar
Permanent link: http://hdl.handle.net/10197/6394
Date: Sep-2014
Abstract: To determine the circumstances of an incident, investigators need to reconstruct events that occurred in the past. The large amount of data spread across the crime scene makes this task very tedious and complex. In particular, the analysis of the reconstructed timeline, due to the huge quantity of events that occurred on a digital system, is almost impossible and leads to cognitive overload. Therefore, it becomes more and more necessary to develop automatic tools to help or even replace investigators in some parts of the investigation. This paper introduces a multi-layered architecture designed to assist the investigative team in the extraction of information left in the crime scene, the construction of the timeline representing the incident and the interpretation of this latter.
Funding Details: University College Dublin
Type of material: Conference Publication
Publisher: Institute of Electrical and Electronics Engineers
Copyright (published version): 2014 IEEE
Keywords: Machine learning;Statistics
DOI: 10.1109/JISIC.2014.54
Language: en
Status of Item: Peer reviewed
Conference Details: IEEE Joint Intelligence and Security Informatics Conference (ISI-EISIC 2014), 24-26 September, the Hague, Netherlands
Appears in Collections:Computer Science Research Collection
Insight Research Collection

Show full item record

SCOPUSTM   
Citations 50

2
Last Week
0
Last month
checked on Jun 22, 2018

Google ScholarTM

Check

Altmetric


This item is available under the Attribution-NonCommercial-NoDerivs 3.0 Ireland. No item may be reproduced for commercial purposes. For other possible restrictions on use please refer to the publisher's URL where this is made available, or to notes contained in the item itself. Other terms may apply.