Date of Award


Document Type


Degree Name

Master of Science in Cyber Operations


Department of Electrical and Computer Engineering

First Advisor

Gilbert L. Peterson, PhD


As technology has become pervasive in our lives we record our daily activities both intentionally and unintentionally. Because of this, the amount of potential evidence found on digital media is staggering. Investigators have had to adapt and change their methods of conducting investigations to address the data volume. Digital forensics examiners current process consists of performing string searches to identify potential evidentiary items. Items of interest must then go through association, target comparison, and event reconstruction processes. These are manual and time consuming tasks for an examiner. This thesis presents a user interface that combines both the string searching capabilities that begin an investigation with automated correlation and abstraction into a single timeline visualization. The capability to improve an examiner's process is evaluated on the tools ability to reduce the number of results to sort through while accurately presenting key items for three use cases.

AFIT Designator


DTIC Accession Number