Tahar Kechadi

From the Crime Scene to Knowledge: Event Representation and Ontology Population Applied to the Digital Forensics Domain

International audience; With the democratisation of technologies, digital forensic investigations involve ever larger and more heterogeneous volumes of data. To ease the work of investigators, our work aims to automatically reconstruct the events related to a digital incident while respecting legal requirements. To this end, it is necessary to introduce a knowledge representation model that structures the information gathered at a crime scene, in order to facilitate the use of automated analysis processes. This paper presents a state of the art of event representation models for …

research product

An Ontology-Based Approach for the Reconstruction and Analysis of Digital Incidents Timelines

International audience; Due to the democratisation of new technologies, computer forensics investigators have to deal with volumes of data which are becoming increasingly large and heterogeneous. Indeed, in a single machine, hundreds of events occur per minute, produced and logged by the operating system and various software. Therefore, the identification of evidence, and more generally, the reconstruction of past events is a tedious and time-consuming task for the investigators. Our work aims at reconstructing and analysing automatically the events related to a digital incident, while respecting legal requirements. To tackle those three main problems (volume, heterogeneity and legal require…

research product

Event Reconstruction

Event reconstruction is one of the most important steps in digital forensic investigations. It allows investigators to have a clear view of the events that have occurred over time. Event reconstruction is a complex task which requires exploration of a large number of events due to the pervasiveness of new technologies nowadays. Any evidence produced at the end of the investigative process must also meet the requirements of the courts, such as reproducibility, verifiability, validation, etc. After defining the most important concepts of event reconstruction, a survey of the challenges of this field and solutions proposed so far is given in this chapter. Irish Research Council Science Foundati…

research product

Automatic Timeline Construction and Analysis For Computer Forensics Purposes

International audience; To determine the circumstances of an incident, investigators need to reconstruct events that occurred in the past. The large amount of data spread across the crime scene makes this task very tedious and complex. In particular, the analysis of the reconstructed timeline, due to the huge quantity of events that occurred on a digital system, is almost impossible and leads to cognitive overload. Therefore, it becomes more and more necessary to develop automatic tools to help or even replace investigators in some parts of the investigation. This paper introduces a multi-layered architecture designed to assist the investigative team in the extraction of information left in…

research product