An Ontology for Digital Forensics in IT Security Incidents - OPUS

More documents

Recommendations

Info

32 CHAPTER 5. ONTOLOGY Person name private address private phone Name Address PhoneNumber first name last name title street city street number zip code area code phone number Text Number Figure 5.1: Address book ontology the characteristics of the concepts. In the address book example the rst and last name are properties of the class name and street, city and zip code are properties of the address. The restrictions constrain the applicability of the properties. The properties can be thought of as the edges that connect the nodes of a directed graph. The restrictions limit what types of edges are allowed between what types of nodes. In the example it would not make any sense if the edge that represents the property for the rst name would be allowed to connect nodes of the type address and person. One possibility for the address book ontology is shown in gure 5.1. An instance of the structure of the example ontology that describes the address book entry of a specic person may look similar to gure 5.2. P1 Person name private address private phone Nm1 Name A1 Address PN1 PhoneNumber last name title first name city street zip code street number phone number area code Doe Dr John Sampleville Samplestreet 0815 42 0690 555 type type type type type type type type type Text Number Figure 5.2: Address book instance
5.1. ONTOLOGY BASICS 33 To store an ontology as text it can be described by triples. Triples consist of subject, predicate and object. For example in User1|name|Administrator User1 is the subject name is predicate and Administrator is object. A text representation of the ontology from gure 5.1 is shown in listing 5.1. The instance from gure 5.2 can be written with tuples as shown in listing 5.2. Subject Predicate Object " Person " " name " " Name " " Name " " first name " " Text " " Name " " last name " " Text " " Name " " title " " Text " " Person " " private address " " Address " " Address " " street " " Text " " Address " " street number " " Number " " Address " " city " " Text " " Address " " zip code " " Number " " Person " " private phone " " PhoneNumber " " PhoneNumber " " area code " " Number " " PhoneNumber " " phone number " " Number " Listing 5.1: Address book triples Subject Predicate Object " P1 " " type " " Person " " P1 " " name " " Nm1 " " Nm1 " " type " " Name " " Nm1 " " first name " " John " " John " " type " " Text " " Nm1 " " last name " " Doe " " Doe " " type " " Text " " Nm1 " " title " " Dr " " Dr " " type " " Text " " P1 " " private address " " A1 " " A1 " " type " " Address " " A1 " " street " " Samplestreet " " Samplestreet " " type " " Text " " A1 " " street number " "42" "42" " type " " Number " " A1 " " city " " Sampleville " " Sampleville " " type " " Text " " A1 " " zip code " "0815" "0815" " type " " Number " " P1 " " private phone " " PN1 " " PN1 " " type " " PhoneNumber " " PN1 " " area code " "555" "555" " type " " Number " " PN1 " " phone number " "0690" "0690" " type " " Number " Listing 5.2: Address book instance triples
Page 1: Diplomarbeit An Ontology for Digita
Page 4 and 5: Acknowledgement I would like to tha
Page 6 and 7: 4 CONTENTS 5.1.4 Storage . . . . .
Page 8 and 9: 6 CONTENTS
Page 10 and 11: 8 CHAPTER 1. INTRODUCTION data lead
Page 12 and 13: 10 CHAPTER 2. RELATED WORK investig
Page 14 and 15: 12 CHAPTER 3. GOAL FORENSIC SEMANTI
Page 16 and 17: 14 CHAPTER 3. GOAL FORENSIC SEMANTI
Page 18 and 19: 16 CHAPTER 4. FORENSICS Basic rules
Page 20 and 21: 18 CHAPTER 4. FORENSICS 4.1.2.2 Ran
Page 22 and 23: 20 CHAPTER 4. FORENSICS entry conta
Page 24 and 25: 22 CHAPTER 4. FORENSICS 4.2.3.1 Reg
Page 26 and 27: 24 CHAPTER 4. FORENSICS vulnerable
Page 28 and 29: 26 CHAPTER 4. FORENSICS The fls -m
Page 30 and 31: 28 CHAPTER 4. FORENSICS of the sock
Page 32 and 33: 30 CHAPTER 4. FORENSICS
Page 36 and 37: 34 CHAPTER 5. ONTOLOGY 5.1.1 Creati
Page 38 and 39: 36 CHAPTER 5. ONTOLOGY Resource Des
Page 40 and 41: 38 CHAPTER 5. ONTOLOGY to be Augsbu
Page 42 and 43: 40 CHAPTER 5. ONTOLOGY Gephi and Cy
Page 44 and 45: 42 CHAPTER 5. ONTOLOGY
Page 46 and 47: 44 CHAPTER 6. FORENSIC ONTOLOGY for
Page 48 and 49: 46 CHAPTER 6. FORENSIC ONTOLOGY pro
Page 50 and 51: 48 CHAPTER 6. FORENSIC ONTOLOGY reg
Page 52 and 53: 50 CHAPTER 6. FORENSIC ONTOLOGY 6.9
Page 54 and 55: 52 CHAPTER 6. FORENSIC ONTOLOGY Par
Page 56 and 57: 54 CHAPTER 6. FORENSIC ONTOLOGY
Page 58 and 59: 56 CHAPTER 7. IMPLEMENTATION 7.3 RD
Page 60 and 61: 58 CHAPTER 7. IMPLEMENTATION the co
Page 62 and 63: 60 CHAPTER 7. IMPLEMENTATION 1 SELE
Page 64 and 65: 62 CHAPTER 7. IMPLEMENTATION Anothe
Page 66 and 67: 64 CHAPTER 7. IMPLEMENTATION 7.8 St
Page 68 and 69: 66 CHAPTER 8. EVALUATION 6. The las
Page 70 and 71: 68 CHAPTER 8. EVALUATION key (CTEMO
Page 72 and 73: 70 CHAPTER 9. SUMMARY after some is
Page 74 and 75: 72 APPENDIX A. EXTRACTION TOOL LIST
Page 76 and 77: 74 APPENDIX A. EXTRACTION TOOL LIST
Page 78 and 79: 76 APPENDIX B. FORENSIC TOOLS OUTPU
Page 80 and 81: 78 APPENDIX C. SCREENSHOTS Figure C
Page 82 and 83: 80 APPENDIX C. SCREENSHOTS Figure C
Page 84 and 85:
82 APPENDIX C. SCREENSHOTS Figure C
Page 86 and 87:
84 APPENDIX C. SCREENSHOTS
Page 88 and 89:
86 BIBLIOGRAPHY [Carrier, 2012c] Ca
Page 90 and 91:
88 BIBLIOGRAPHY [Microsoft, 2010] M
Page 92:
90 BIBLIOGRAPHY [W3C, 2004] W3C (20
show all

An Ontology for Digital Forensics in IT Security Incidents - OPUS

Create successful ePaper yourself

Delete template?

Save as template?