An Ontology for Digital Forensics in IT Security Incidents - OPUS

More documents

Recommendations

Info

40 CHAPTER 5. ONTOLOGY Gephi and Cytoscape visualization tools might provide a nicer output but it takes much more time to get them to do what is wanted. 5.2.7 Raptor RDF and GraphViz There is another possibility to create graphical representations of the ontology. Raptor RDF [Beckett, 2013] is a RDF parser that can output the data of the RDF le in the dot format of GraphViz[Ellson et al., 2013]. GraphViz then converts the dot le to an image le. For example, the command rapper -I . -o dot sample.rdf | dot -Tpng -o sample.png converts a RDF le named sample.rdf to a PNG image le called sample.png. All gures in this work that show graphs or graph-like structures are generated from dot les. 5.3 Storage This section presents the two storage possibilities that were used when creating the example implementation. An explanation why there are two and which ones were used in the end is given in section 7.5. 5.3.1 Neo4J Neo4J [Neo Technology, Inc, 2013] is a graph database that is implemented in Java. Graph means property graph. It consists of nodes and relationships. Both of them have properties and the relationships structure the nodes. This structure is visualized in gure 5.3. According to [Neo Technology, Inc., 2006] relational databases do not support the recently upcoming amount of data that is structured in networks. Neo4J is designed to t the requirements of this kind of data. Additionally, the Neo4J database is preferably to be used with semi-structured data. Semi-structured data can be thought of as a table where the entries have few mandatory attributes but many optional ones. But a drawback is that arbitrary queries on structured data are not handled as eciently as in relational databases. This is caused by the network focused design. Neo4J has a graphical web front end which allows interactive browsing of the database. A screenshot of this interface can be found in the appendix in gure C.1. 5.3.2 Sesame Sesame is an open source Java framework for storage and querying of RDF data.[Aduna, 2012] Sesame is a triplestore that is designed for storing and retrieving triples. The web interface allows browsing the stored data and direct SPARQL queries.
5.3. STORAGE 41 Graph records records Relationships Nodes have have Properties Figure 5.3: Neo4J property graph[Neo Technology, Inc, 2013] Sesame is an abstracted architecture that allows the usage of dierent back ends for the storage of the data. Its development helped to uncover and remove unclarities in the RDFS specication.[Broekstra et al., 2002] Details about Sesame are provided in section 7.5.
Page 1: Diplomarbeit An Ontology for Digita
Page 4 and 5: Acknowledgement I would like to tha
Page 6 and 7: 4 CONTENTS 5.1.4 Storage . . . . .
Page 8 and 9: 6 CONTENTS
Page 10 and 11: 8 CHAPTER 1. INTRODUCTION data lead
Page 12 and 13: 10 CHAPTER 2. RELATED WORK investig
Page 14 and 15: 12 CHAPTER 3. GOAL FORENSIC SEMANTI
Page 16 and 17: 14 CHAPTER 3. GOAL FORENSIC SEMANTI
Page 18 and 19: 16 CHAPTER 4. FORENSICS Basic rules
Page 20 and 21: 18 CHAPTER 4. FORENSICS 4.1.2.2 Ran
Page 22 and 23: 20 CHAPTER 4. FORENSICS entry conta
Page 24 and 25: 22 CHAPTER 4. FORENSICS 4.2.3.1 Reg
Page 26 and 27: 24 CHAPTER 4. FORENSICS vulnerable
Page 28 and 29: 26 CHAPTER 4. FORENSICS The fls -m
Page 30 and 31: 28 CHAPTER 4. FORENSICS of the sock
Page 32 and 33: 30 CHAPTER 4. FORENSICS
Page 34 and 35: 32 CHAPTER 5. ONTOLOGY Person name
Page 36 and 37: 34 CHAPTER 5. ONTOLOGY 5.1.1 Creati
Page 38 and 39: 36 CHAPTER 5. ONTOLOGY Resource Des
Page 40 and 41: 38 CHAPTER 5. ONTOLOGY to be Augsbu
Page 44 and 45: 42 CHAPTER 5. ONTOLOGY
Page 46 and 47: 44 CHAPTER 6. FORENSIC ONTOLOGY for
Page 48 and 49: 46 CHAPTER 6. FORENSIC ONTOLOGY pro
Page 50 and 51: 48 CHAPTER 6. FORENSIC ONTOLOGY reg
Page 52 and 53: 50 CHAPTER 6. FORENSIC ONTOLOGY 6.9
Page 54 and 55: 52 CHAPTER 6. FORENSIC ONTOLOGY Par
Page 56 and 57: 54 CHAPTER 6. FORENSIC ONTOLOGY
Page 58 and 59: 56 CHAPTER 7. IMPLEMENTATION 7.3 RD
Page 60 and 61: 58 CHAPTER 7. IMPLEMENTATION the co
Page 62 and 63: 60 CHAPTER 7. IMPLEMENTATION 1 SELE
Page 64 and 65: 62 CHAPTER 7. IMPLEMENTATION Anothe
Page 66 and 67: 64 CHAPTER 7. IMPLEMENTATION 7.8 St
Page 68 and 69: 66 CHAPTER 8. EVALUATION 6. The las
Page 70 and 71: 68 CHAPTER 8. EVALUATION key (CTEMO
Page 72 and 73: 70 CHAPTER 9. SUMMARY after some is
Page 74 and 75: 72 APPENDIX A. EXTRACTION TOOL LIST
Page 76 and 77: 74 APPENDIX A. EXTRACTION TOOL LIST
Page 78 and 79: 76 APPENDIX B. FORENSIC TOOLS OUTPU
Page 80 and 81: 78 APPENDIX C. SCREENSHOTS Figure C
Page 86 and 87: 84 APPENDIX C. SCREENSHOTS
Page 88 and 89: 86 BIBLIOGRAPHY [Carrier, 2012c] Ca
Page 90 and 91: 88 BIBLIOGRAPHY [Microsoft, 2010] M
Page 92:
90 BIBLIOGRAPHY [W3C, 2004] W3C (20
show all

An Ontology for Digital Forensics in IT Security Incidents - OPUS

Create successful ePaper yourself

Delete template?

Save as template?