A complete formalized knowledge representation model for advanced digital forensics timeline analysis
Yoan Chabot, Aurélie Bertaux, Christophe Nicollea, Tahar Kechadi

TL;DR
This paper introduces a comprehensive formalized knowledge representation model to improve digital forensics timeline analysis, enabling automatic, reproducible, and verifiable event reconstruction for investigations.
Contribution
It presents a novel formal incident model and operators that facilitate semantic-rich, automated analysis of digital evidence timelines, integrating expert knowledge from forensics and software development.
Findings
Formal incident model enhances event reconstruction accuracy
Operators enable automated timeline analysis
Supports reproducibility and verifiability in digital investigations
Abstract
Having a clear view of events that occurred over time is a difficult objective to achieve in digital investigations (DI). Event reconstruction, which allows investigators to understand the timeline of a crime, is one of the most important steps of a DI process. This complex task requires exploration of a large amount of events due to the pervasiveness of new technologies nowadays. Any evidence produced at the end of the investigative process must also meet the requirements of the courts, such as reproducibility, verifiability, validation, etc. For this purpose, we propose a new methodology, supported by theoretical concepts, that can assist investigators through the whole process including the construction and the interpretation of the events describing the case. The proposed approach is based on a model which integrates knowledge of experts from the fields of digital forensics and…
