An Ontology for Digital Forensics in IT Security Incidents - OPUS


opus.bibliothek.uni.augsburg.de
15.01.2014

10 CHAPTER 2. RELATED WORK

investigator to get a fast overview of the available hard disk. It is based on PyFlag [Cohen, 2012], which uses The Sleuth Kit [Carrier, 2012a] to extract the data from the hard drive or from an image of the hard drive. An ontology and the associated data store are preferred to a relational database concept because relational databases were not built for storing graph structures [Neo Technology, Inc., 2006].

Chapter 3 Goal Forensic Semantic Model

This chapter explains what this work is about. Additionally, it introduces the example that will be used throughout this work.

3.1 Ontology

The goal is to create an ontology, a data store, a program to fill the data store, and several queries that allow the examiner to obtain conclusive evidence fast and easily. In the end, only the sources from which to obtain the data have to be selected; the program extracts the necessary information and puts it into the appropriate structure. After the data has been imported into the data store, the examiner can query it for evidence. If not marked otherwise, the term ontology stands for the one that is introduced in this work. It is intended to make the gathering of data and the extraction of evidence faster and more effective. One positive side effect of the automatic import is that there is no need to know every option of every tool involved, so even novice users can use the program to gather evidence, and the forensic expert can concentrate on more difficult tasks. Another point is that multiple users can access the data store, so numerous examiners can work together on one case. The procedure is mainly intended for the fast examination of cases that incident response teams have to take care of. A requirement for the ontology is that it has to be customizable for special needs. This can be relevant if additional information is required that is not yet represented. An example of this is explained in section 4.2.3.3. Another important point is that the tools that provide the information collected in the data store have to be interchangeable. This allows examiners to use the tools they are familiar with. The idea is to build an ontology which represents the forensically interesting parts of a computer system. Chapter 4 will explain which pieces of information to extract, how to extract them, and why they are interesting. The information is

