AutoProv: An Automated File Provenance Collection Tool

Abstract

A file's provenance is a detailed account of its origins and activities. Tools exist that maintain the provenance of a file. Unfortunately for digital forensics, these tools must already be installed on the computer of interest while provenance-generating events happen. The presented tool addresses this by reconstructing a file's provenance from several temporal artifacts. It identifies relevant temporal and user correlations between these artifacts and presents them to the user. The software is tested against a variety of predefined use cases and real-world data to demonstrate that it allows examiners to draw useful conclusions about the provenance of a file.

Document Details

Document Type
Technical Report
Publication Date
Mar 23, 2017
Accession Number
AD1054647

Entities

People

  • Ryan A Good

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Energy and Power Technologies
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Air Force
  • Application Protocols
  • Artifacts
  • Computational Forensics
  • Computer Programming
  • Computers
  • Data Processing
  • Digital Media
  • Electronic Mail
  • Information Systems
  • Internet
  • Operating Systems
  • Spreadsheet Software
  • United States
  • Web Browsers
  • Websites
  • Word Processors

Fields of Study

  • Computer science

Readers

  • Business Analytics
  • Geospatial Intelligence and Artificial Intelligence Analytics
  • Systems Analysis and Design