
A Digital Forensic Framework for Automated User Activity Reconstruction

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7863)

Abstract

User activity reconstruction is a technique used in digital forensic investigation. Using this technique, digital forensic investigators extract a list of user activities from digital artifacts confiscated at the crime scene. Based on that list, explicit knowledge about the crime, such as motive, method, time, and place, can be deduced. Until now, activity reconstruction has been conducted by manual analysis. This means that the domain of the reconstructed activities is limited to the personal knowledge of the investigators, so the result exhibits low accuracy due to human errors, and the process requires an excessive amount of time. To solve these problems, this paper proposes SigDiff, a digital forensic framework for automated user activity reconstruction. This framework uses a signature-based approach. It comprises an activity signature generation module, a signature database, a digital artifact collection module, and an activity reconstruction module. Using SigDiff, user activity reconstruction can be performed accurately, with a high retrieval rate, and in a reduced time span.
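The abstract describes the signature-based pipeline only at the level of modules. The following added example (not code from the paper or from SigDiff) sketches what the signature database and the reconstruction module might look like: a signature is an activity name plus a set of artifact patterns that must all be observed within a time window, and reconstruction walks a sorted artifact list, anchors on the first pattern of each signature, and reports an activity only when every required artifact is present in the window. The artifact records, the registry and file paths, the signatures and the time window are all constructed for illustration; the pattern format is an assumption, not the paper's signature format.

```python
"""Toy signature-based user activity reconstruction (added illustration).

Assumptions not taken from the paper: an artifact is a (timestamp, source,
key, value) record; a signature lists (source, key_regex) pairs that must
all be observed within `window` of the first (anchor) pattern. All sample
artifacts below are constructed, not real case data.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Artifact:
    ts: datetime
    source: str          # e.g. "registry", "filesystem"
    key: str             # registry key or file path
    value: str = ""      # extracted content, if any


@dataclass(frozen=True)
class Signature:
    activity: str
    required: tuple      # (source, regex) pairs; the first one is the anchor
    window: timedelta = timedelta(minutes=5)


# Constructed sample artifacts (hypothetical paths and timestamps).
T0 = datetime(2013, 3, 12, 9, 0)
ARTIFACTS = [
    Artifact(T0, "registry",
             r"HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_Sample&Prod_Stick"),
    Artifact(T0 + timedelta(minutes=1), "filesystem",
             r"C:\Windows\inf\setupapi.dev.log", "Device Install - USBSTOR"),
    Artifact(T0 + timedelta(minutes=30), "filesystem",
             r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\places.sqlite",
             "http://example.invalid/report.zip"),
    Artifact(T0 + timedelta(minutes=31), "filesystem",
             r"C:\Users\alice\Downloads\report.zip"),
    # A lone USBSTOR key two hours later with no matching install log entry:
    # the signature below will not be satisfied, so no activity is reported.
    Artifact(T0 + timedelta(hours=2), "registry",
             r"HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_Other&Prod_Drive"),
]

# Constructed signature database (hypothetical patterns).
SIGNATURES = [
    Signature("USB storage device connected",
              (("registry", r"\\Enum\\USBSTOR\\"),
               ("filesystem", r"setupapi\.dev\.log$"))),
    Signature("File downloaded via web browser",
              (("filesystem", r"places\.sqlite$"),
               ("filesystem", r"\\Downloads\\"))),
]


def matches(pattern, artifact):
    """True if the artifact comes from the pattern's source and its key matches the regex."""
    source, regex = pattern
    return artifact.source == source and re.search(regex, artifact.key) is not None


def reconstruct(artifacts, signatures):
    """Return activities (name, anchor time, evidence) in chronological order."""
    ordered = sorted(artifacts, key=lambda a: a.ts)
    activities = []
    for sig in signatures:
        anchor_pat, rest = sig.required[0], sig.required[1:]
        for anchor in (a for a in ordered if matches(anchor_pat, a)):
            in_window = [a for a in ordered
                         if anchor.ts <= a.ts <= anchor.ts + sig.window]
            evidence = [anchor]
            for pat in rest:
                hit = next((a for a in in_window
                            if a not in evidence and matches(pat, a)), None)
                if hit is None:
                    break                # required artifact missing: no activity
                evidence.append(hit)
            else:
                activities.append({"activity": sig.activity,
                                   "time": anchor.ts,
                                   "evidence": evidence})
    activities.sort(key=lambda x: x["time"])
    return activities


def unexplained(artifacts, activities):
    """Artifacts not used as evidence for any activity; a hint that the signature DB has a gap."""
    used = {a for act in activities for a in act["evidence"]}
    return [a for a in artifacts if a not in used]


if __name__ == "__main__":
    found = reconstruct(ARTIFACTS, SIGNATURES)
    for act in found:
        print(act["time"].isoformat(), act["activity"])
        for ev in act["evidence"]:
            print("    ", ev.source, ev.key)
    print("unexplained artifacts:", len(unexplained(ARTIFACTS, found)))
```

The `unexplained` helper is the part an investigator would look at next: artifacts that no signature consumed are either noise or evidence of an activity the signature database does not yet describe, which is where the paper's signature generation module would come in.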




© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kang, J., Lee, S., Lee, H. (2013). A Digital Forensic Framework for Automated User Activity Reconstruction. In: Deng, R.H., Feng, T. (eds) Information Security Practice and Experience. ISPEC 2013. Lecture Notes in Computer Science, vol 7863. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38033-4_19


  • DOI: https://doi.org/10.1007/978-3-642-38033-4_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38032-7

  • Online ISBN: 978-3-642-38033-4
