DIALOG: A framework for modeling, analysis and reuse of digital forensic knowledge
Damir Kahvedzic, Tahar Kechadi

TL;DR
DIALOG is a comprehensive ontology framework designed to model, analyze, and facilitate reuse of digital forensic knowledge, with a focus on Windows Registry analysis and reasoning capabilities.
Contribution
It introduces a general, application-independent ontology for digital investigations, including detailed modeling of Windows Registry and integration with analysis tools.
Findings
Effective modeling of Windows Registry keys and tools
Enhanced reasoning for interpretation of forensic data
Framework supports knowledge reuse in digital forensics
Abstract
This paper presents DIALOG (Digital Investigation Ontology), a framework for the management, reuse, and analysis of Digital Investigation knowledge. DIALOG provides a general, application-independent vocabulary that can be used to describe an investigation at different levels of detail. DIALOG is defined to encapsulate all concepts of the digital forensics field and the relationships between them. In particular, we concentrate on the Windows Registry, where registry keys are modeled in terms of both their structure and function. Registry analysis software tools are modeled in a similar manner, and we illustrate how the interpretation of their results can be done using the reasoning capabilities of ontology.
