10.1109/ISDFS65363.2025.11012113">
 

Focus: A One-vs-All Resolution Strategy for Temporal Metadata Analysis

Document Type

Conference Proceeding

Publication Date

4-24-2025

Abstract

In digital forensics, temporal metadata analysis involves collecting, examining, and extracting time-related trace data to find answers to investigative questions. To answer questions, experts apply platform-specific knowledge to identify and group corroborating traces. This paper extends previous work with rule-based binary classifiers by introducing a novel resolution strategy inspired by human expert methods of analyzing temporal metadata. The presented approach represents expert knowledge as rule-based binary classifiers to group patterns associated with specific activities and leverages these rules over time similar to how experts reason over the same data. Focus distinguishes itself by dynamically highlighting the most relevant label from each classifier by creating a working and long-term memory of the most relevant classifier based on rules with weighted values that increase and decrease over time. The system is evaluated across 10 scenarios on a Windows 10 workstation. Results show a 190% increase in F1 score from 0.31 to 0.90, highlighting the efficacy of Focus as an OvA resolution strategy for temporal metadata machine learning classification applications.

Comments

This conference paper is available from IEEE by subscription or purchase by using the DOI link below.

Source Publication

2025 13th International Symposium on Digital Forensics and Security (ISDFS)

This document is currently not available here.

Share

COinS