Semantic Representation and Integration of Digital Evidence

The ever-increasing complexity and sophistication of computer and network attacks challenge society's dependability on digital infrastructure. Digital investigations recover and reconstruct the digital trails of such events and may employ practices from various subfields (computer, network forensics), each with its own set of techniques and tools. Integration of evidence from heterogeneous sources of data (e.g. disk images, network packet captures, logs) is often a manual and time-consuming process relying significantly on the investigator's expertise. In this paper, we propose and develop an approach, based on the Semantic Web framework, for ontologically representing and integrating digital evidence. The presented approach enhances existing forensic analysis techniques by providing partial and eventually full automation of the investigative process. (C) 2013 The Authors. Published by Elsevier B.V.