Building Ontologies for Digital Forensic Terminologies

Karie, Nickson M.; Kebande, Victor R.

doi:10.17781/p002032

Cited by 13 publications

(9 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Generally, in a smart intelligent city network, digital or smart devices are connected via ad‐hoc networks and the presence of mobile devices brings about complexities when a digital incident is detected. As a result, one would allow the collection of potential digital evidence 37,38 that can be distributed across the aforementioned CIR, SIR, and MIR databases for purposes of sharing useful investigative forensic knowledge. In this smart city, forensic intelligence could easily be gathered across different connected devices and this form of forensic intelligence could easily be used to link the perpetrator to the crime.…”

Section: Potential Use Casementioning

confidence: 99%

Digital forensic readiness intelligence crime repository

Kebande

Karie

Choo

et al. 2021

Security and Privacy

View full text Add to dashboard Cite

It may not always be possible to conduct a digital (forensic) investigation post‐event if there is no process in place to preserve potential digital evidence. This study posits the importance of digital forensic readiness, or forensic‐by‐design, and presents an approach that can be used to construct a Digital Forensic Readiness Intelligence Repository (DFRIR). Based on the concept of knowledge sharing, the authors leverage this premise to suggest an intelligence repository. Such a repository can be used to cross‐reference potential digital evidence (PDE) sources that may help digital investigators during the process. This approach employs a technique of capturing PDE from different sources and creating a DFR repository that can be able to be shared across diverse jurisdictions among digital forensic experts and law enforcement agencies (LEAs), in the form of intelligence. To validate the approach, the study has employed a qualitative approach based on a number of metrics and an analysis of experts' opinion has been incorporated. The DFRIR seeks to maximize the collection of PDE, and reducing the time needed to conduct forensic investigation (e.g., by reducing the time for learning). This study then explains how such an approach can be employed in conjunction with ISO/IEC 27043: 2015.

show abstract

Section: Potential Use Casementioning

confidence: 99%

Digital forensic readiness intelligence crime repository

Kebande

Karie

Choo

et al. 2021

Security and Privacy

View full text Add to dashboard Cite

show abstract

“…Ontologies are used for representing and reasoning about domain knowledge. Karie and Kebande [ 30 ] propose that existing tools should incorporate new approaches to assist in resolving or clarifying the meaning of new terminologies used during the investigation process. Ontologies will generate a common definition, knowledge and understanding of digital forensics domain terminologies.…”

Section: Practitionersmentioning

confidence: 99%

“…The generation of an ontology comprises four main steps: 1) digital forensics terminology database; 2) develop terminology semantic annotations; 3) reasoning engine; and 4) terminology semantic repository. The critical steps focus on the meaning of digital forensic terminologies during a digital forensic investigation [ 30 ].…”

Section: Practitionersmentioning

confidence: 99%

Interpol review of digital evidence 2016 - 2019

Reedy¹

2020

Forensic Science International: Synergy

View full text Add to dashboard Cite

show abstract

“…In the paper [12] the authors stated that digital forensics is a relatively new discipline with various technical and non-technical terminologies that can be hard to comprehend. The main problem addressed by the authors is that there is no approach in digital forensics that can help investigators in reasoning concerning the perceived meaning of different digital forensics terminologies encountered during a digital forensics investigation process.…”

Section: Literature Reviewmentioning

confidence: 99%

An Ontology Based on the Timeline of Log2timeline and Psort Using Abstraction Approach in Digital Forensics

Bhandari

Jusas

2020

Symmetry

View full text Add to dashboard Cite

Digital forensics practitioners encounter numerous new terminologies during time-intensive digital investigation processes because of the explosive growth of the web, an immense amount of data, and rapid changes in technology. In such a scenario, the time needed to find and interpret the cause of the potential digital incident can be affected by the complexity involved in understanding the meaning of newly encountered terminologies. Although various approaches have been designed to assist digital practitioners in understanding the newly encountered terminologies during the investigation of the accident, none of them is capable of supporting investigators to interpret new terminologies. Our work focuses on reconstructing and analyzing the timeline of events and artifacts backed by the abstraction concept to help practitioners in reasoning about the perceived meaning of different digital forensics terminologies that are encountered during the investigation. This paper introduces an ontological approach based on the abstraction concept to reconstruct the timeline provided by command-based digital forensic tools, i.e., Log2timeline and Psort in the L2TCSV format, and assist in resolving the meaning of new encountered concepts. The performed experiments show that the novel methodology is capable of enhancing the timeline and assisting practitioners in determining the significance of encountered terminologies or concepts.

show abstract

Building Ontologies for Digital Forensic Terminologies

Cited by 13 publications

References 8 publications

Digital forensic readiness intelligence crime repository

Digital forensic readiness intelligence crime repository

Interpol review of digital evidence 2016 - 2019

An Ontology Based on the Timeline of Log2timeline and Psort Using Abstraction Approach in Digital Forensics

Contact Info

Product

Resources

About