Addressing the Increasing Volume and Variety of Digital Evidence Using an Ontology

Research output: Chapter in Book/Report/Conference proceeding | Conference paper | peer-review

12 Citations (Scopus)

Abstract

The field of digital evidence must contend with an increasing number of devices to be examined paralleled with increasing diversity. Examiners face a battle to understand what artefacts may exist on these devices. Further, many current forensic tools look to comprehensively examine sources of digital evidence which can generate large amounts of, often spurious, data with no easy means of correlation. This paper proposes the use of an ontology - the Digital Evidence Semantic Ontology (DESO) - that allows an examiner to quickly discover what artefacts may be available on a device before time-consuming processes are commenced - preventing the generation of data that may have no practical value for an investigation. The ontology is then used to classify this data so that equivalent artefacts across devices can be compared to make connections. It demonstrates how this ontology can be adapted to keep track of changes in technology and how it can be used in a laboratory environment.
Original language: English
Title of host publication: Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint
Publisher: IEEE
Pages: 176-183
Number of pages: 7
Publication status: Published - 14 Sept 2014

Keywords

  • variety, digital evidence, forensic, investigation, artefact, ontology, volume
