A digital forensic framework for automated user activity reconstruction

Jungin Kang; Sangwook Lee; Heejo Lee

doi:10.1007/978-3-642-38033-4_19

A digital forensic framework for automated user activity reconstruction

Jungin Kang, Sangwook Lee, Heejo Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

User activity reconstruction is a technique used in digital forensic investigation. Using this technique, digital forensic investigators extract a list of user activities from digital artifacts confiscated at the crime scene. Based on the list, explicit knowledge about the crime, such as motive, method, time, and place, can be deduced. Until now, activity reconstruction has been conducted by manual analysis. This means that the domain of the reconstructed activities is limited to the personal knowledge of the investigators, so the result exhibits low accuracy due to human errors , and the process requires an excessive amount of time. To solve these problems, this paper proposes a digital forensic framework SigDiff for automated user activity reconstruction. This framework uses a signature-based approach. It comprises an activity signature generation module, signature database, digital artifact collection module, and activity reconstruction module. Using SigDiff, the process of user activity reconstruction can be performed accurately with a high retrieval rate and in a reduced time span.

Original language	English
Title of host publication	Information Security Practice and Experience - 9th International Conference, ISPEC 2013, Proceedings
Pages	263-277
Number of pages	15
DOIs	https://doi.org/10.1007/978-3-642-38033-4_19
Publication status	Published - 2013
Event	9th International Conference on Information Security Practice and Experience, ISPEC 2013 - Lanzhou, China Duration: 2013 May 12 → 2013 May 14

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7863 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	9th International Conference on Information Security Practice and Experience, ISPEC 2013
Country/Territory	China
City	Lanzhou
Period	13/5/12 → 13/5/14

Keywords

activity reconstruction
digital forensic framework
signature-based forensics

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/978-3-642-38033-4_19

Cite this

Kang, J., Lee, S., & Lee, H. (2013). A digital forensic framework for automated user activity reconstruction. In Information Security Practice and Experience - 9th International Conference, ISPEC 2013, Proceedings (pp. 263-277). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7863 LNCS). https://doi.org/10.1007/978-3-642-38033-4_19

A digital forensic framework for automated user activity reconstruction. / Kang, Jungin; Lee, Sangwook; Lee, Heejo.
Information Security Practice and Experience - 9th International Conference, ISPEC 2013, Proceedings. 2013. p. 263-277 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7863 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kang, J, Lee, S & Lee, H 2013, A digital forensic framework for automated user activity reconstruction. in Information Security Practice and Experience - 9th International Conference, ISPEC 2013, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7863 LNCS, pp. 263-277, 9th International Conference on Information Security Practice and Experience, ISPEC 2013, Lanzhou, China, 13/5/12. https://doi.org/10.1007/978-3-642-38033-4_19

Kang J, Lee S, Lee H. A digital forensic framework for automated user activity reconstruction. In Information Security Practice and Experience - 9th International Conference, ISPEC 2013, Proceedings. 2013. p. 263-277. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-38033-4_19

Kang, Jungin ; Lee, Sangwook ; Lee, Heejo. / A digital forensic framework for automated user activity reconstruction. Information Security Practice and Experience - 9th International Conference, ISPEC 2013, Proceedings. 2013. pp. 263-277 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{7f8ec4485db74002993b1602bf2ce36c,

title = "A digital forensic framework for automated user activity reconstruction",

abstract = "User activity reconstruction is a technique used in digital forensic investigation. Using this technique, digital forensic investigators extract a list of user activities from digital artifacts confiscated at the crime scene. Based on the list, explicit knowledge about the crime, such as motive, method, time, and place, can be deduced. Until now, activity reconstruction has been conducted by manual analysis. This means that the domain of the reconstructed activities is limited to the personal knowledge of the investigators, so the result exhibits low accuracy due to human errors , and the process requires an excessive amount of time. To solve these problems, this paper proposes a digital forensic framework SigDiff for automated user activity reconstruction. This framework uses a signature-based approach. It comprises an activity signature generation module, signature database, digital artifact collection module, and activity reconstruction module. Using SigDiff, the process of user activity reconstruction can be performed accurately with a high retrieval rate and in a reduced time span.",

keywords = "activity reconstruction, digital forensic framework, signature-based forensics",

author = "Jungin Kang and Sangwook Lee and Heejo Lee",

year = "2013",

doi = "10.1007/978-3-642-38033-4_19",

language = "English",

isbn = "9783642380327",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "263--277",

booktitle = "Information Security Practice and Experience - 9th International Conference, ISPEC 2013, Proceedings",

note = "9th International Conference on Information Security Practice and Experience, ISPEC 2013 ; Conference date: 12-05-2013 Through 14-05-2013",

}

TY - GEN

T1 - A digital forensic framework for automated user activity reconstruction

AU - Kang, Jungin

AU - Lee, Sangwook

AU - Lee, Heejo

PY - 2013

Y1 - 2013

N2 - User activity reconstruction is a technique used in digital forensic investigation. Using this technique, digital forensic investigators extract a list of user activities from digital artifacts confiscated at the crime scene. Based on the list, explicit knowledge about the crime, such as motive, method, time, and place, can be deduced. Until now, activity reconstruction has been conducted by manual analysis. This means that the domain of the reconstructed activities is limited to the personal knowledge of the investigators, so the result exhibits low accuracy due to human errors , and the process requires an excessive amount of time. To solve these problems, this paper proposes a digital forensic framework SigDiff for automated user activity reconstruction. This framework uses a signature-based approach. It comprises an activity signature generation module, signature database, digital artifact collection module, and activity reconstruction module. Using SigDiff, the process of user activity reconstruction can be performed accurately with a high retrieval rate and in a reduced time span.

AB - User activity reconstruction is a technique used in digital forensic investigation. Using this technique, digital forensic investigators extract a list of user activities from digital artifacts confiscated at the crime scene. Based on the list, explicit knowledge about the crime, such as motive, method, time, and place, can be deduced. Until now, activity reconstruction has been conducted by manual analysis. This means that the domain of the reconstructed activities is limited to the personal knowledge of the investigators, so the result exhibits low accuracy due to human errors , and the process requires an excessive amount of time. To solve these problems, this paper proposes a digital forensic framework SigDiff for automated user activity reconstruction. This framework uses a signature-based approach. It comprises an activity signature generation module, signature database, digital artifact collection module, and activity reconstruction module. Using SigDiff, the process of user activity reconstruction can be performed accurately with a high retrieval rate and in a reduced time span.

KW - activity reconstruction

KW - digital forensic framework

KW - signature-based forensics

UR - http://www.scopus.com/inward/record.url?scp=84883425004&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-38033-4_19

DO - 10.1007/978-3-642-38033-4_19

M3 - Conference contribution

AN - SCOPUS:84883425004

SN - 9783642380327

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 263

EP - 277

BT - Information Security Practice and Experience - 9th International Conference, ISPEC 2013, Proceedings

T2 - 9th International Conference on Information Security Practice and Experience, ISPEC 2013

Y2 - 12 May 2013 through 14 May 2013

ER -

A digital forensic framework for automated user activity reconstruction

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this