Date of Award

3-23-2018

Document Type

Thesis

Degree Name

Master of Science in Computer Science

Department

Department of Electrical and Computer Engineering

First Advisor

Gilbert L. Peterson, PhD.

Abstract

Ontological data representation and data normalization can provide a structured way to correlate digital artifacts. This can reduce the amount of data that a forensics examiner needs to process in order to understand the sequence of events that happened on the system. However, ontology processing suffers from large disk consumption and a high computational cost. This paper presents Property Graph Event Reconstruction (PGER), a novel data normalization and event correlation system that leverages a native graph database to improve the speed of queries common in ontological data. PGER reduces the processing time of event correlation grammars and maintains accuracy over a relational database storage format.

AFIT Designator

AFIT-ENG-MS-18-M-058

DTIC Accession Number

AD1056209

Recommended Citation

Schelkoph, Daniel J., "Digital Forensics Event Graph Reconstruction" (2018). Theses and Dissertations. 1822.
https://scholar.afit.edu/etd/1822

Download

Included in

Computer and Systems Architecture Commons, Data Storage Systems Commons

COinS

Theses and Dissertations

Digital Forensics Event Graph Reconstruction

Date of Award

Document Type

Degree Name

Department

First Advisor

Abstract

AFIT Designator

DTIC Accession Number

Recommended Citation

Included in

Search

Browse

Author Corner

Theses and Dissertations

Digital Forensics Event Graph Reconstruction

Author

Date of Award

Document Type

Degree Name

Department

First Advisor

Abstract

AFIT Designator

DTIC Accession Number

Recommended Citation

Included in

Share

Search

Browse

Author Corner