# A complete formalized knowledge representation model for advanced digital forensics timeline analysis

**Authors:** Yoan Chabot, Aurélie Bertaux, Christophe Nicolle, Tahar Kechadi

arXiv: 1903.01396 · 2019-03-05

## TL;DR

This paper introduces a comprehensive formalized knowledge representation model to improve digital forensics timeline analysis, enabling automatic, reproducible, and verifiable event reconstruction for investigations.

## Contribution

It presents a novel formal incident model and operators that facilitate semantic-rich, automated analysis of digital evidence timelines, integrating expert knowledge from forensics and software development.

## Key findings

- Formal incident model enhances event reconstruction accuracy
- Operators enable automated timeline analysis
- Supports reproducibility and verifiability in digital investigations

## Abstract

Having a clear view of events that occurred over time is a difficult objective to achieve in digital investigations (DI). Event reconstruction, which allows investigators to understand the timeline of a crime, is one of the most important steps of a DI process. This complex task requires exploration of a large amount of events due to the pervasiveness of new technologies nowadays. Any evidence produced at the end of the investigative process must also meet the requirements of the courts, such as reproducibility, verifiability, validation, etc. For this purpose, we propose a new methodology, supported by theoretical concepts, that can assist investigators through the whole process including the construction and the interpretation of the events describing the case. The proposed approach is based on a model which integrates knowledge of experts from the fields of digital forensics and software development to allow a semantically rich representation of events related to the incident. The main purpose of this model is to allow the analysis of these events in an automatic and efficient way. This paper describes the approach and then focuses on the main conceptual and formal aspects: a formal incident modelization and operators for timeline reconstruction and analysis.

---
Source: https://tomesphere.com/paper/1903.01396