Digital Forensics Event Graph Reconstruction

Abstract

Ontological data representation and data normalization can provide a structured way to correlate digital artifacts. This can reduce the amount of data that a forensics examiner needs to process in order to understand the sequence of events that happened on the system. However, ontology processing suffers from large disk consumption and a high computational cost. This paper presents Property Graph Event Reconstruction (PGER), a novel data normalization and event correlation system that leverages a native graph database to improve the speed of queries common in ontological data. PGER reduces the processing time of event correlation grammars and maintains accuracy over a relational database storage format.

Document Details

Document Type
Technical Report
Publication Date
Mar 23, 2018
Accession Number
AD1056209

Entities

People

  • Daniel J Schelkoph

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Air Force
  • Anti-Virus Software
  • Artificial Intelligence
  • Artificial Neural Networks
  • Computational Forensics
  • Computer Program Documentation
  • Computer Program Reliability
  • Computer Programming
  • Computers
  • Data Set
  • Databases
  • Digital Data
  • Engineering
  • Expert Systems
  • Internet
  • Law
  • Machine Learning
  • Ontologies
  • Operating Systems
  • Relational Databases
  • Robotics
  • Security
  • United States
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Computer Vision
  • Database Systems and Applications
  • Geospatial Intelligence and Artificial Intelligence Analytics