Open Access Article

An Abstraction Based Approach for Reconstruction of TimeLine in Digital Forensics

Software Engineering Department, Kaunas University of Technology, Studentu St. 50, LT-51368 Kaunas, Lithuania
*
Author to whom correspondence should be addressed.
Symmetry 2020, 12(1), 104; https://doi.org/10.3390/sym12010104
Received: 11 December 2019 / Revised: 30 December 2019 / Accepted: 3 January 2020 / Published: 6 January 2020
Acquiring a clear perspective of events and artefacts that occur over time is a challenging objective to accomplish in digital forensics. Reconstruction of the timeline of events and artefacts, which enables digital investigators to understand the timeline of digital crime and interpret the conclusion in the form of digital evidence, is one of the most important and challenging tasks in digital forensics. This task requires the analysis of immense amounts of events because of the explosive growth of the internet, interconnected devices, and innovative technology nowadays. Various approaches have been developed during the last decade, but most of them are not able to handle huge volumes of data, explore evidence, and enhance the understandability of timelines in a competent way to assist the investigator. For this purpose, we introduce a methodology backed by an abstraction concept and forensic tools that can support investigators during the reconstruction and understanding of the timeline of events and artefacts, and during the interpretation of evidence, by tracing the activities performed by users of a typical computer system. The Java programming language is used to implement the proposed methodology, which is object-oriented and follows the symmetry definition in software. Generally, symmetry in software can be viewed as an invariant change that aims to preserve a specific property of the system, namely its structure, behaviour, regularity, similarity, familiarity and uniformity. Similarly, the abstraction-based methodology also permits us to follow the properties of symmetry. For instance, a uniform structure is stipulated for all the sources at a particular level of abstraction, such as the number of fields to be considered to provide the abstract level of timeline. The primary purpose of this approach is to assist with the analysis of the timeline in an optimum way. This paper illustrates the approach and then focuses on conceptual aspects of the methodology. The performed experiment shows that the proposed approach enhanced the analysis of the timeline.
Keywords: digital forensics; digital evidence; timeline reconstruction; events and artefacts
Bhandari, S.; Jusas, V. An Abstraction Based Approach for Reconstruction of TimeLine in Digital Forensics. Symmetry 2020, 12, 104.
