Document Type
Article
Publication Date
12-2024
Abstract
Digital forensics is a complex field that requires expert knowledge (EK) and specialized tools to collect, analyze, and report on digital evidence. Temporal metadata analysis is particularly challenging, requiring expert knowledge to understand and interpret underlying traces and associate them with their source. This paper introduces Digital Trace Inspector (DTI), a Learning Classifier System (LCS)-based decision support tool for temporal metadata analysis. DTI leverages a binary Michigan-style LCS to locate and group corroborating temporal digital traces of targeted user activity. Rules are built from expert-created atomics encoded as feature vectors using patterns defined in a structured EK rule framework. The system is evaluated on 10 scenarios of typical user behavior on a Windows 10 workstation. Results show that all models achieved perfect recall, had an average F1 score of 0.98, and required little training data.
The authors' graphical abstract is embedded in the Comments area of this record.
Source Publication
Forensic Science International: Digital Investigation (ISSN 2666-2825 | e-ISSN 2666-2817)
Recommended Citation
Todd, M. C., & Peterson, G. L. (2024). Temporal metadata analysis: A learning classifier system approach. Forensic Science International: Digital Investigation, 51, 301842. https://doi.org/10.1016/j.fsidi.2024.301842
Graphical abstract for Temporal metadata analysis: A learning classifier system approach
Comments
This article is published by Elsevier and distributed under the terms of the Creative Commons Attribution-NonCommercial 4.0 License (CC BY-NC 4.0), which permits non-commercial use, reproduction and distribution of the work without further permission provided the original work is attributed.
Sourced from the published version of record cited below.
The associated code repository for the prototype of the Digital Trace Inspector is available from the authors at GitHub.