Bruno W. P. Hoelz
ABSTRACT
Most tools used during the forensic examination process emphasize data and metadata extraction without a formal definition of the concepts used in their outputs. These vary not only in the terminology used, but also in the way values are represented. These differences hinder the adoption of computer-assisted analysis, since the elements to be analyzed are not well-defined, requiring ad hoc parsers to process and interpret the output of each tool. A framework for semantic annotation of digital evidence is presented in this work. Semantic annotations use concepts that are defined in an ontology to describe the annotated object. They can replace raw metadata, user-defined labels and tool-specific analysis results with computer-readable, formally defined terms that can be used in semantically advanced queries. The framework's components provide means to extract, analyze and index the contents of the digital evidence. The framework allows the augmentation of a base ontology, by adding domain and case-specific concepts to it. A prototype implementation is described and a case study is conducted to illustrate its potential uses and improvements to the forensic examination process.
- AccessData Forensic Toolkit. http://accessdata.com/products/computer-forensics/ftk, June 2012.Google Scholar
- C. A. Bogen and D. A. Dampier. Preparing for large-scale investigations with case domain modeling. In Digital Forensic Research Workshop, 2005.Google Scholar
- A. Brinson, A. Robinson, and M. Rogers. A cyber forensics ontology: Creating a new approach to studying cyber forensics. Digital Investigation, 3(3S):37--43, 2006. Google ScholarDigital Library
- CIPA DC-008-2010. Exchangeable image file format for digital still cameras: Exif Version 2.3. http://www.cipa.jp/english/hyoujunka/kikaku/pdf/DC-008-2010_E.pdf, 2010.Google Scholar
- S. Dill, N. Eiron, D. Gibson, D. Gruhl, R. Guha, A. Jhingran, T. Kanungo, K. S. Mccurley, S. Rajagopalan, A. Tomkins, J. A. Tomlin, and J. Y. Zien. A case for automated large scale semantic annotations. Journal of Web Semantics, 1:115--132, 2003.Google ScholarCross Ref
- S. R. El-Beltagy, M. Hazman, and A. A. Rafea. Ontology based annotation of text segments. In Proceedings of the 2007 ACM Symposium on Applied Computing, pages 1362--1367. ACM, 2007. Google ScholarDigital Library
- T. R. Gruber. Towards Principles for the Design of Ontologies Used for Knowledge Sharing. In N. Guarino and R. Poli, editors, Formal Ontology in Conceptual Analysis and Knowledge Representation, Deventer, The Netherlands, 1993. Kluwer Academic Publishers.Google Scholar
- D. C. Harrill and R. P. Mislan. A Small Scale Digital Device Forensics ontology. Small Scale Digital Device Forensics Journal, 1, 2007.Google Scholar
- A. Kiryakov, B. Popov, D. Ognyanoff, D. Manov, A. Kirilov, and M. Goranov. Semantic Annotation, Indexing, and Retrieval. In International Semantic Web Conference, volume 2870 of Lecture Notes in Computer Science, pages 484--499. Springer, 2003.Google ScholarDigital Library
- National Institute of Justice. Digital Evidence Analysis: Metadata Analysis and Extraction. http://www.nij.gov/topics/forensics/evidence/digital/analysis/metadata.htm, November 2010.Google Scholar
- N. F. Noy and D. L. McGuinness. Ontology development 101: A guide to creating your first ontology. Technical Report KSL-01-05, Stanford Knowledge Systems Laboratory, 2001.Google Scholar
- E. Oren, K. Möller, S. Scerri, S. Handschuh, and M. Sintek. What are semantic annotations? Technical report, DERI Galway, 2006.Google Scholar
- H. Park, S. Cho, and H.-C. Kwon. Cyber Forensics Ontology for Cyber Criminal Investigation. In M. Sorell, editor, e-Forensics, volume 8 of LNICST, pages 160--165. Springer, 2009.Google Scholar
- J. Ruhnka and J. W. Bagby. Forensic implications of metadata in electronic files. The CPA Journal, 2008.Google Scholar
- A. L. Tanner and D. A. Dampier. An approach for managing knowledge in digital forensic examinations. International Journal of Computer Science and Security, 4(5):451--465, 2010.Google Scholar
- I. Terziev, A. Kiryakov, and D. Manov. Base Upper-level Ontology (BULO) Guidance. Deliverable 1.8.1, SEKT Project, July 2005.Google Scholar
Index Terms
- A framework for semantic annotation of digital evidence
Recommendations
Semantic annotation model definition for systems interoperability
OTM'11: Proceedings of the 2011th Confederated international conference on On the move to meaningful internet systemsSemantic annotation is one of the useful solutions to enrich target's (systems, models, meta-models, etc.) information. There are some papers which use semantic enrichment for different purposes (integration, composition, sharing and reuse, etc.) in ...
The semantic annotated documents: from HTML to the semantic web
CEA'07: Proceedings of the 2007 annual Conference on International Conference on Computer Engineering and ApplicationsThe current circumstance of the Semantic Web is that there is not much of a Semantic Web due to the lack of annotated web pages. There is such a lack because annotating web pages currently does not provide much practical benefit. In this work an ...
Formal and relational concept analysis for fuzzy-based automatic semantic annotation
Semantic annotation is at the core of Semantic Web technology: it bridges the gap between legacy non-semantic web resource descriptions and their elicited, formally specified conceptualization, converting syntactic structures into knowledge structures, ...
Comments