A digital forensic framework for automated user activity reconstruction

Jungin Kang, Sangwook Lee, Heejo Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

User activity reconstruction is a technique used in digital forensic investigation. Using this technique, digital forensic investigators extract a list of user activities from digital artifacts confiscated at the crime scene. Based on the list, explicit knowledge about the crime, such as motive, method, time, and place, can be deduced. Until now, activity reconstruction has been conducted by manual analysis. This means that the domain of the reconstructed activities is limited to the personal knowledge of the investigators, so the result exhibits low accuracy due to human errors , and the process requires an excessive amount of time. To solve these problems, this paper proposes a digital forensic framework SigDiff for automated user activity reconstruction. This framework uses a signature-based approach. It comprises an activity signature generation module, signature database, digital artifact collection module, and activity reconstruction module. Using SigDiff, the process of user activity reconstruction can be performed accurately with a high retrieval rate and in a reduced time span.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages263-277
Number of pages15
Volume7863 LNCS
DOIs
Publication statusPublished - 2013 Sep 9
Event9th International Conference on Information Security Practice and Experience, ISPEC 2013 - Lanzhou, China
Duration: 2013 May 122013 May 14

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7863 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other9th International Conference on Information Security Practice and Experience, ISPEC 2013
CountryChina
CityLanzhou
Period13/5/1213/5/14

    Fingerprint

Keywords

  • activity reconstruction
  • digital forensic framework
  • signature-based forensics

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Kang, J., Lee, S., & Lee, H. (2013). A digital forensic framework for automated user activity reconstruction. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7863 LNCS, pp. 263-277). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7863 LNCS). https://doi.org/10.1007/978-3-642-38033-4_19