Automated Collection and Correlation of File Provenance Information
Document Type
Conference Proceeding
Publication Date
2017
Abstract
The provenance of a file is a detailing of its origins and activities. Tools have been developed that help maintain the provenance of files. However, these tools require prior installation on a computer of interest before and while provenance-generating events occur. The automated tool described in this chapter can reconstruct the provenance of a file from a variety of artifacts. It identifies relevant temporal and user correlations between the artifacts and presents them to an investigator. Results from six use cases demonstrate that these correlations are reliable and valuable in digital forensic investigations.
DOI
10.1007/978-3-319-67208-3_15
Source Publication
Advances in Digital Forensics XIII [IFIP Advances in Information and Communication Technology 511]
Recommended Citation
Good, R., Peterson, G. (2017). Automated Collection and Correlation of File Provenance Information. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XIII. DigitalForensics 2017. IFIP Advances in Information and Communication Technology, vol 511. Springer, Cham. https://doi.org/10.1007/978-3-319-67208-3_15
Comments
© 2017 IFIP International Federation for Information Processing
The "Link to Full Text" on this page opens the article hosted at the SpringerNature website.