Research Article
Semantic Modelling of Digital Forensic Evidence
@INPROCEEDINGS{10.1007/978-3-642-19513-6_13, author={Damir Kahvedžić and Tahar Kechadi}, title={Semantic Modelling of Digital Forensic Evidence}, proceedings={Digital Forensics and Cyber Crime. Second International ICST Conference, ICDF2C 2010, Abu Dhabi, United Arab Emirates, October 4-6, 2010, Revised Selected Papers}, proceedings_a={ICDF2C}, year={2012}, month={5}, keywords={Ontology Investigation Results Modelling Reporting}, doi={10.1007/978-3-642-19513-6_13} }- Damir Kahvedžić
Tahar Kechadi
Year: 2012
Semantic Modelling of Digital Forensic Evidence
ICDF2C
Springer
DOI: 10.1007/978-3-642-19513-6_13
Abstract
The reporting of digital investigation results are traditionally carried out in prose and in a large investigation may require successive communication of findings between different parties. Popular forensic suites aid in the reporting process by storing provenance and positional data but do not automatically encode why the evidence is considered important. In this paper we introduce an evidence management methodology to encode the semantic information of evidence. A structured vocabulary of terms, ontology, is used to model the results in a logical and predefined manner. The descriptions are application independent and automatically organised. The encoded descriptions aim to help the investigation in the task of report writing and evidence communication and can be used in addition to existing evidence management techniques.