DOI: 10.1145/3012071.3012099
Research article

A semantic-web-technology-based framework for supporting knowledge-driven digital forensics

Published: 01 November 2016

Abstract

    The use of Information and Communication Technologies (ICTs) pervades everyday life. While ICT has contributed to improving the quality of our lives, it is also true that new forms of (cyber)crime have emerged in this setting. The diversity and amount of information forensic investigators need to cope with when tackling a cyber-crime case call for tools and techniques in which knowledge is the main actor. Current approaches leave to the investigator the chore of integrating the diverse sources of evidence relevant to a case, thus hindering the automatic generation of reusable knowledge. This paper describes an architecture that lifts the classical phases of a digital forensic investigation to a knowledge-driven setting. We discuss how languages and technologies originating from the Semantic Web proposal can complement digital forensics tools so that knowledge becomes a first-class citizen. Our architecture enables complex forensic investigations to be performed in an integrated way and, as a by-product, builds a knowledge base that can be consulted to gain insights from previous cases. Our proposal has been inspired by real-world scenarios emerging in the context of an Italian research project on cyber security.




      Published In

      MEDES: Proceedings of the 8th International Conference on Management of Digital EcoSystems
      November 2016
      243 pages
      ISBN: 9781450342674
      DOI: 10.1145/3012071
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Publisher

      Association for Computing Machinery, New York, NY, United States


      Author Tags

      1. RDF
      2. digital forensics
      3. semantic web

      Qualifiers

      • Research-article

      Conference

      MEDES'16

      Acceptance Rates

      Overall Acceptance Rate 267 of 682 submissions, 39%


      Cited By

      • (2022) Ontology-Driven Artificial Intelligence in IoT Forensics. Breakthroughs in Digital Biometrics and Forensics, 10.1007/978-3-031-10706-1_12, pp. 257-286. Online publication date: 15-Oct-2022
      • (2020) Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach. ICT Systems Security and Privacy Protection, 10.1007/978-3-030-58201-2_26, pp. 384-397. Online publication date: 14-Sep-2020
      • (2020) AI in digital forensics: Ontology engineering for cybercrime investigations. WIREs Forensic Science, 10.1002/wfs2.1394, 3:3. Online publication date: Sep-2020
      • (2019) How Do I Share My IoT Forensic Experience With the Broader Community? An Automated Knowledge Sharing IoT Forensic Platform. IEEE Internet of Things Journal, 10.1109/JIOT.2019.2912118, 6:4, pp. 6850-6861. Online publication date: Aug-2019
