Abstract
The reporting of digital investigation results is traditionally carried out in prose, and in a large investigation it may require successive communication of findings between different parties. Popular forensic suites aid the reporting process by storing provenance and positional data, but they do not automatically encode why the evidence is considered important. In this paper we introduce an evidence management methodology to encode the semantic information of evidence. A structured vocabulary of terms, an ontology, is used to model the results in a logical and predefined manner. The descriptions are application independent and automatically organised. The encoded descriptions aim to help the investigation in the task of report writing and evidence communication, and can be used in addition to existing evidence management techniques.
Copyright information
© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
Cite this paper
Kahvedžić, D., Kechadi, T. (2011). Semantic Modelling of Digital Forensic Evidence. In: Baggili, I. (ed.) Digital Forensics and Cyber Crime. ICDF2C 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 53. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19513-6_13
DOI: https://doi.org/10.1007/978-3-642-19513-6_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19512-9
Online ISBN: 978-3-642-19513-6
eBook Packages: Computer Science (R0)