Forensic investigation method and tool based on the user behaviour analysis

Today, people use a variety of digital devices, and events taking place in them are stored in specific forms mostly including data indicating when each event took place. So far, different methods have been constantly researched and developed to analyse various events, most of which analyse event data unnecessary for a forensic investigation. As a result, investigators should carry out additional work to select data needed for an actual investigation, making the process of analysis more difficult and longer. Besides, since the capacity of storage media gets higher and events become more diversified, such a phenomenon seems gradually worsened. Thus, this paper suggests a timeline-based method of checking 'users' behaviour patterns' at a look by analysing, interpreting and visualizing various user behaviour-based events in a short time, since time information exists in digital devices. Moreover, the range of analyses can be widened since investigators can analyse events through computer and smartphone used most out of all the digital devices, not simply through a single system.