Enhanced Timeline Analysis for Digital Forensic Investigations

Cited by: 7
Authors
Inglot, Bartosz [1]
Liu, Lu [1]
Affiliations
[1] Univ Derby, Sch Comp & Math, Derby DE22 1GB, England
Source
INFORMATION SECURITY JOURNAL | 2014 / Vol. 23 / Issue 1-2
Funding
National Natural Science Foundation of China;
Keywords
computer forensics; forensic framework; temporal evidence analysis; timeline analysis; Zeitline;
DOI
10.1080/19393555.2014.897401
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812;
Abstract
Forensic analysis is the science of collecting, examining, and presenting evidence in order to support or refute a hypothesis. With the increasing size of storage devices and growing popularity of digital hand-held devices connecting to the Internet, performing an effective digital forensic investigation is becoming more challenging to investigators. In this article, we evaluate the existing tools of timeline analysis and identify the need for a solid timeline analysis tool. For this reason, the article studies an existing but discontinued project called Zeitline, presents its features and shortcomings, and develops new capabilities to overcome these limitations. A case study is then presented in which the application's functionality is tested.
Pages: 32-44
Number of pages: 13