Temporal Event Abstraction and Reconstruction

Abstract

Digital forensic examiners are being overwhelmed by the increasing demand for their services. This research applies sequence pattern mining (SPM) to digital forensics and develops a technique that uses the sequences to generate rules that summarize digital artifacts into human-understandable activities. It extends an existing SPM algorithm, Discontinuous Varied Order Sequence Mining (DVSM), and creates two new SPM algorithms, Single Object Sequence and Loop Abstraction (SOSLA) and Sequence Mining of Temporal Clusters (SMTC). These algorithms extend SPM by attaching attribute variables to items and by developing a new method for addressing interleaving. When these algorithms are applied to constructed use cases, results show a 96 reduction in transactions to review, 100 detection of true positives and no more than a 0.03 detection of false positives.

Document Details

Document Type
Technical Report
Publication Date
Dec 21, 2017
Accession Number
AD1055588

Entities

People

  • James S. Okolica

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Air Force
  • Application Software
  • Computational Science
  • Computer Program Documentation
  • Computer Programs
  • Computers
  • Digital Media
  • Graphical User Interface
  • Human Systems Integration
  • Information Science
  • Internet
  • Network Science
  • Operating Systems
  • United States
  • Unsupervised Machine Learning
  • Web Browsers
  • Word Processors

Fields of Study

  • Computer science

Readers

  • Aerial Delivery - Logistics and Supply Chain Management.
  • Computer Vision.
  • Mathematical Modeling and Probability Theory.