
RESEARCH PRODUCT

Automatic Timeline Construction and Analysis For Computer Forensics Purposes

Aurélie Bertaux, Yoan Chabot, Christophe Nicolle, Tahar Kechadi

subject

[INFO.INFO-AI] Computer Science [cs]/Artificial Intelligence [cs.AI]; [INFO.INFO-OH] Computer Science [cs]/Other [cs.OH]; [INFO.INFO-CY] Computer Science [cs]/Computers and Society [cs.CY]; Computer science; Digital forensics; Computer forensics; Event reconstruction; Timeline; Timeline Analysis; Ontology; Ontology (information science); Computer security; computer.software_genre; computer; Task (project management); Crime scene; Data science; Cognitive load; 16. Peace & justice

description

International audience; To determine the circumstances of an incident, investigators need to reconstruct events that occurred in the past. The large amount of data spread across the crime scene makes this task very tedious and complex. In particular, the analysis of the reconstructed timeline, due to the huge quantity of events that occurred on a digital system, is almost impossible and leads to cognitive overload. Therefore, it becomes more and more necessary to develop automatic tools to help or even replace investigators in some parts of the investigation. This paper introduces a multi-layered architecture designed to assist the investigative team in the extraction of information left in the crime scene, the construction of the timeline representing the incident and the interpretation of the latter.

https://hal.archives-ouvertes.fr/hal-01017212