An Ontology for Digital Forensics in IT Security Incidents - OPUS
CHAPTER 6. FORENSIC ONTOLOGY
[Figure 6.1: Forensic Object. Diagram of the classes for:ForensicObject, for:ForensicTool and for:Timestamp, connected through the properties for:hasForensicTool and for:hasTimestamp by rdfs:domain and rdfs:range edges.]
[Figure 6.2: Hardware. Diagram of the classes hw:Hardware, hw:Memory, hw:Harddisk and hw:NIC, connected by three rdfs:subClassOf edges.]
6.3 Software
The next category that comes to mind when structuring a computer is the software. The generic software parts are the Kernel, the Resources, and the ProcessList. This can be seen in figure 6.3. Resources stand for file handles, network connections, and other handles the kernel provides. Details for the ProcessList are specified in section 6.5.
[Figure 6.3: Software. Diagram of the classes sw:Kernel, sw:Resource and pro:ProcessList, connected through the properties sw:hasResource and sw:processlist by rdfs:domain and rdfs:range edges.]