View The Document

Accession Number:

AD1166903

Title:

Automated Reconstructions for the Digital Forensic Examiner Workflow

Author(s):

• Montgomery, Ryan P.

Author Organization(s):

• AIR FORCE INSTITUTE OF TECHNOLOGY WRIGHT-PATTERSON AFB OH

Report Date:

2022-03-01

Abstract:

One product of a digital forensics examination is a reconstruction of events recorded in the media. A reconstruction places all of the case relevant trace into temporal, identity and associative relationships. Creating this reconstruction is a manual and time consuming process for the examiner. This thesis presents AIER. AIER integrates automation, abstraction and visualization into the Autopsy forensic software to improve the reconstruction process. The integration utilizes a custom Autopsy ingest module to extract and abstract artifact data and an interactive graph-based timeline visualization module. These improvements to the forensic examiner workflow are evaluated through a series of use cases.

Document Type:

Conference:

Journal:

Pages:

95

File Size:

7.51MB

Contracts:

Grants:

Descriptors:

• web browsers
• computers
• internet of things
• air force
• application software
• computational forensics
• department of defense
• domain specific programming languages
• crime
• data sets
• global positioning systems
• identification
• information systems
• law
• operating systems
• authentication
• computer science

Identifiers:

• digital forensics
• autopsy
• timeline visualization
• forensic examination

SubjectCategory:

• Mathematical and Computer Sciences

Communities of Interest:

• Cyber

Distribution Statement:

Approved For Public Release

View The Document