Automated Reconstructions for the Digital Forensic Examiner Workflow

Abstract

One product of a digital forensics examination is a reconstruction of events recorded in the media. A reconstruction places all of the case-relevant trace into temporal, identity and associative relationships. Creating this reconstruction is a manual and time-consuming process for the examiner. This thesis presents AIER. AIER integrates automation, abstraction and visualization into the Autopsy forensic software to improve the reconstruction process. The integration utilizes a custom Autopsy ingest module to extract and abstract artifact data and an interactive graph-based timeline visualization module. These improvements to the forensic examiner workflow are evaluated through a series of use cases.

Document Details

Document Type: Technical Report
Publication Date: Mar 01, 2022
Accession Number: AD1166903

Entities

People

  • Ryan P. Montgomery

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Air Force
  • Application Software
  • Authentication
  • Computational Forensics
  • Computer Science
  • Computers
  • Crime
  • Data Sets
  • Department Of Defense
  • Domain Specific Programming Languages
  • Engineering
  • Global Positioning Systems
  • Identification
  • Information Systems
  • Internet Of Things
  • Language
  • Law
  • Operating Systems
  • Web Browsers

Readers

  • Computer Vision
  • Distributed Systems and Data Platform Development
  • Trauma or Military Medicine