Document Type

Article

Publication Date

2011

Subject: LCSH

Cyber forensics, Computer forensics

Disciplines

Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security

Abstract

The construction of timelines of computer activity is a part of many digital investigations. These timelines of events are composed of traces of historical activity drawn from system logs and potentially from evidence of events found in the computer file system. A potential problem with the use of such information is that some of it may be inconsistent and contradictory, thus compromising its value. This work introduces a software tool (CAT Detect) for the detection of inconsistency within timelines of computer activity. We examine the impact of deliberate tampering through experiments conducted with our prototype software tool. Based on the results of these experiments, we discuss techniques which can be employed to deal with such temporal inconsistencies.

Comments

Dr. Baggili was appointed to the University of New Haven’s Elder Family Endowed Chair in 2015.

© 2011 Marrington, Baggili, Mohay & Clark. Published by Elsevier Ltd. All rights reserved. Posted with permission.

DOI

10.1016/j.diin.2011.05.007

Publisher Citation

Marrington, A., Baggili, I., Mohay, G., & Clark, A. (2011). CAT Detect (Computer Activity Timeline Detection): A Tool for Detecting Inconsistency in Computer Activity Timelines. Digital Investigation, 8, S52-S61. http://dfrws.org/2011/proceedings/11-343.pdf

 
 
