Triage Visualization for Digital Media Exploitation

Abstract

Digital forensic examiners are overwhelmed by caseloads and data volumes and must prioritize their work. This thesis hypothesizes that digital forensic examiners can employ triage visualizations to prioritize workloads. This thesis presents a simple one-page visualization of disk activity for Windows FAT and NTFS filesystems. The visualization is constructed from filesystem metadata carved by the open source bulk_extractor digital forensics application. The visualization does not require further examination or reconstruction of filesystem metadata. The visualization is able to detect minor obfuscation or modification and overwriting of filesystem timestamps.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2013
Accession Number
ADA589810

Entities

People

  • Glenn Henderson

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Engineered Resilient Systems
  • Weapons Technologies

DTIC Thesaurus Topics

  • Anomaly Detection
  • Application Software
  • Artificial Intelligence
  • Change Detection
  • Computational Forensics
  • Computer Graphics
  • Computer Programming
  • Computer Science
  • Computers
  • Data Sets
  • Data Visualization
  • Detection
  • Electronic Mail
  • Information Systems
  • Mobile Phones
  • Neural Networks
  • Operating Systems

Fields of Study

  • Computer science

Readers

  • Computer Science/Computer Engineering/Data Science/Digital Signal Processing.
  • Cybersecurity.
  • Database Systems and Applications