Research Area:  Digital Forensics
Most tools used during the forensic examination process emphasize data and metadata extraction without a formal definition of the concepts used in their outputs. These vary not only in the terminology used, but also in the way values are represented. These differences hinder the adoption of computer-assisted analysis, since the elements to be analyzed are not well-defined, requiring ad hoc parsers to process and interpret the output of each tool. A framework for semantic annotation of digital evidence is presented in this work. Semantic annotations use concepts that are defined in an ontology to describe the annotated object. They can replace raw metadata, user-defined labels and tool-specific analysis results with computer-readable, formally defined terms that can be used in semantically advanced queries. The framework's components provide means to extract, analyze and index the contents of the digital evidence. The framework allows the augmentation of a base ontology, by adding domain and case-specific concepts to it. A prototype implementation is described and a case study is conducted to illustrate its potential uses and improvements to the forensic examination process.
Keywords:  
Author(s) Name:  Bruno W. P. Hoelz, Célia G. Ralha
Journal name:  SAC '13: Proceedings of the 28th Annual ACM Symposium on Applied Computing
Conference name:  
Publisher name:  ACM
DOI:  10.1145/2480362.2480729
Volume Information:  
Paper Link:   https://dl.acm.org/doi/abs/10.1145/2480362.2480729