Date of Award
3-23-2017
Document Type
Thesis
Degree Name
Master of Science
Department
Department of Electrical and Computer Engineering
First Advisor
Gilbert L. Peterson, PhD.
Abstract
A file's provenance is a detailing of its origins and activities. There are tools available that are useful in maintaining the provenance of a file. Unfortunately for digital forensics, these tools require prior installation on the computer of interest while provenance generating events happen. The presented tool addresses this by reconstructing a file's provenance from several temporal artifacts. It identifies relevant temporal and user correlations between these artifacts, and presents them to the user. A variety of predefined use cases and real world data are tested against to demonstrate that this software allows examiners to draw useful conclusions about the provenance of a file.
AFIT Designator
AFIT-ENG-MS-17-M-031
DTIC Accession Number
AD1054647
Recommended Citation
Good, Ryan A., "AutoProv: An Automated File Provenance Collection Tool" (2017). Theses and Dissertations. 1574.
https://scholar.afit.edu/etd/1574
Included in
Data Storage Systems Commons, Information Security Commons, Systems and Communications Commons