Graph-based Temporal Analysis in Digital Forensics

Author

Nikolai A. Adderley

Date of Award

3-22-2019

Document Type

Thesis

Degree Name

Master of Science in Electrical Engineering

Department

Department of Electrical and Computer Engineering

First Advisor

Gilbert L. Peterson, PhD

Abstract

Establishing a timeline as part of a digital forensics investigation is a vital part of understanding the order in which system events occurred. However, most digital forensics tools present timelines as histogram or as raw artifacts. Consequently, digital forensics examiners are forced to rely on manual, labor-intensive practices to reconstruct system events. Current digital forensics analysis tools are at their technological limit with the increasing storage and complexity of data. A graph-based timeline can present digital forensics evidence in a structure that can be immediately understood and effortlessly focused. This paper presents the Temporal Analysis Integration Management Application (TAIMA) to enhance digital forensics analysis via information visualization (infovis) techniques. TAIMA is a prototype application that provides a graph-based timeline for event reconstruction using abstraction and visualization techniques. A workflow illustration and pilot usability study provided evidence that TAIMA assisted digital forensics specialists in identifying key system events during digital forensics analysis.

AFIT Designator

AFIT-ENG-MS-19-M-005

DTIC Accession Number

AD1073875

Recommended Citation

Adderley, Nikolai A., "Graph-based Temporal Analysis in Digital Forensics" (2019). Theses and Dissertations. 2241.
https://scholar.afit.edu/etd/2241