Digital Forensics Tools Integration

Author

Alexander D. Kim

Date of Award

3-19-2020

Document Type

Thesis

Degree Name

Master of Science in Cyber Operations

Department

Department of Electrical and Computer Engineering

First Advisor

Gilbert L. Peterson, PhD

Abstract

As technology has become pervasive in our lives we record our daily activities both intentionally and unintentionally. Because of this, the amount of potential evidence found on digital media is staggering. Investigators have had to adapt and change their methods of conducting investigations to address the data volume. Digital forensics examiners current process consists of performing string searches to identify potential evidentiary items. Items of interest must then go through association, target comparison, and event reconstruction processes. These are manual and time consuming tasks for an examiner. This thesis presents a user interface that combines both the string searching capabilities that begin an investigation with automated correlation and abstraction into a single timeline visualization. The capability to improve an examiner's process is evaluated on the tools ability to reduce the number of results to sort through while accurately presenting key items for three use cases.

AFIT Designator

AFIT-ENG-MS-20-M-031

DTIC Accession Number

AD1095507

Recommended Citation

Kim, Alexander D., "Digital Forensics Tools Integration" (2020). Theses and Dissertations. 3162.
https://scholar.afit.edu/etd/3162