Research Article
Digital Forensics Event Graph Reconstruction
@INPROCEEDINGS{10.1007/978-3-030-05487-8_10,
  author={Daniel Schelkoph and Gilbert Peterson and James Okolica},
  title={Digital Forensics Event Graph Reconstruction},
  proceedings={Digital Forensics and Cyber Crime. 10th International EAI Conference, ICDF2C 2018, New Orleans, LA, USA, September 10--12, 2018, Proceedings},
  proceedings_a={ICDF2C},
  year={2019},
  month={1},
  keywords={Graph database Digital forensics Property graph Ontology Event reconstruction},
  doi={10.1007/978-3-030-05487-8_10}
}
- Daniel Schelkoph
- Gilbert Peterson
- James Okolica
Year: 2019
Digital Forensics Event Graph Reconstruction
ICDF2C
Springer
DOI: 10.1007/978-3-030-05487-8_10
Abstract
Ontological data representation and data normalization can provide a structured way to correlate digital artifacts and reduce the amount of data that a forensics investigator needs to process in order to understand the sequence of events that happened on a system. However, ontology processing suffers from large disk consumption and a high computational cost. This paper presents Property Graph Event Reconstruction (PGER), a data normalization and event correlation system that uses a native graph database to store event data. This storage method leverages index-free traversals between adjacent nodes. PGER reduces the processing time of event correlation grammars by up to a factor of 9.9 over a system that uses a relational-database-based approach.