An Ontology for Digital Forensics in IT Security Incidents - OPUS
Chapter 7<br />
Implementation<br />
This chapter presents the parts that were implemented and the difficulties<br />
that were overcome. First, an overview of the architecture is outlined, and<br />
then some details of the implementation and the tools used are presented.<br />
7.1 Overview<br />
The first thing that was implemented was the ontology. It consists of the<br />
nine files described in chapter 6. Afterwards, a converting tool was written<br />
in Java that converts the output of several forensic tools to RDF files that fit<br />
the ontology definitions specified in the RDFS files. The RDF files<br />
were then automatically loaded into the selected database. In the end, several<br />
SPARQL queries were developed to find evidence in the database.<br />
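The pipeline described above (forensic tool output converted to RDF that must fit the RDFS definitions, then queried for evidence), as an added illustration that is not the thesis's Java tool: the namespace, the tiny RDFS stand-in vocabulary and the hashing-tool CSV are all constructed assumptions.<br />

```python
"""Constructed example: convert forensic-tool output to RDF N-Triples that fit a
small RDFS vocabulary, then search the triples for evidence (a SPARQL-like lookup)."""
import csv
import io

# Assumed ontology namespace (placeholder, not the thesis's actual URI).
NS = "http://example.org/forensics#"
RDF_TYPE = "<http://www.w3.org/1999/02/22-rdf-syntax-ns#type>"

# Minimal stand-in for the RDFS files: the class File and the properties
# an instance of it may carry (the converter rejects anything else).
RDFS_VOCAB = {"File": {"path", "size", "md5", "storedOn"}}

# Constructed sample output of a file-hashing tool (CSV: path,size,md5).
TOOL_OUTPUT = """\
path,size,md5
/etc/passwd,1843,0123456789abcdef0123456789abcdef
/tmp/.x/unknown.bin,51200,fedcba9876543210fedcba9876543210
"""

def parse_tool_output(text):
    """Parse the tool's CSV output into one dict per file."""
    return list(csv.DictReader(io.StringIO(text)))

def escape_literal(value):
    """Escape a string for use inside an N-Triples literal."""
    return value.replace("\\", "\\\\").replace('"', '\\"')

def to_ntriples(records, cls="File", disk="disk0"):
    """Emit N-Triples for each record; refuse properties the RDFS vocabulary lacks."""
    allowed = RDFS_VOCAB[cls]
    triples = []
    for i, rec in enumerate(records):
        subj = f"<{NS}file{i}>"
        triples.append(f"{subj} {RDF_TYPE} <{NS}{cls}> .")
        for prop, value in rec.items():
            if prop not in allowed:
                raise ValueError(f"property {prop!r} is not defined for {cls} in RDFS")
            triples.append(f'{subj} <{NS}{prop}> "{escape_literal(value)}" .')
        # Link the file to the hard disk it was recovered from (hardware view).
        triples.append(f"{subj} <{NS}storedOn> <{NS}{disk}> .")
    return triples

def find_by_md5(triples, md5):
    """Return subjects whose md5 literal matches, like SELECT ?s WHERE { ?s :md5 "..." }."""
    return [t.split(" ")[0] for t in triples if t.endswith(f'<{NS}md5> "{md5}" .')]
```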
7.2 RDFS<br />
The structure of the ontology is written in RDFS. The files were generated<br />
with SemanticWorks (section 5.2.1) and later edited by hand with a<br />
normal text editor. A problem when creating the files was that some tools<br />
that can create RDF files, for example Protégé (section 5.2.2), use OWL<br />
elements or produce too many unneeded elements. A main problem is that<br />
only few tools support importing other files for namespaces as SemanticWorks<br />
does.<br />
The structure of the ontology was chosen to be intuitively comprehensible.<br />
It starts from the hardware view with the hard disk, the random<br />
access memory and the network interface card. Then the software structures<br />
were modelled as they can be found in operating systems.<br />