Creating Super Timelines in Windows Investigations

Abstract: As the applications and adoption of networked electronic devices grow, their use in conjunction with crimes also increases. Extracting probative evidence from these devices requires experienced digital forensic practitioners to use specialized tools that help interpret the raw binary data present in digital media. After the evidentiary artifacts are collected, an important goal of the practitioner is to assemble a narrative that describes when the events of interest occurred, based on the timestamps of the artifacts. Unfortunately, generating and evaluating super timelines is a manual and labor-intensive process. This paper describes a technique that aids the practitioner in this process by generating queries that extract and connect the temporal artifacts and produce concise timelines. Application of the queries to a simulated incident demonstrates their ability to reduce the number of artifacts from hundreds of thousands of artifacts to a few hundred or fewer, and to facilitate the understanding of the activities surrounding the incident.
Document type: Conference paper
Gilbert Peterson; Sujeet Shenoi. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-410, pp.135-144, 2013, Advances in Digital Forensics IX. 〈10.1007/978-3-642-41148-9_9〉

Cited literature [4 references]

https://hal.inria.fr/hal-01460626
Contributor: Hal Ifip
Submitted on: Tuesday 7 February 2017 - 17:26:36
Last modified on: Friday 1 December 2017 - 01:16:43
Document(s) archived on: Monday 8 May 2017 - 15:06:25

File

978-3-642-41148-9_9_Chapter.pd...
Files produced by the author(s)

License


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Stephen Esposito, Gilbert Peterson. Creating Super Timelines in Windows Investigations. Gilbert Peterson; Sujeet Shenoi. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-410, pp.135-144, 2013, Advances in Digital Forensics IX. 〈10.1007/978-3-642-41148-9_9〉. 〈hal-01460626〉
