A framework for post-event timeline reconstruction using neural networks

Digital Investigation

Volumn 4, Issue 3-4, 2007, Pages 146-157

  Khan, M N A ^a   Chatwin, C R ^a   Young, R C D ^a  

^a UNIVERSITY OF SUSSEX   (United Kingdom)

Author keywords

Computer forensics; Digital evidence; Digital forensic analysis; Digital investigation; Event reconstruction; Neural networks

Indexed keywords

COMPUTER AIDED SOFTWARE ENGINEERING; DATA HANDLING; FILE ORGANIZATION; HARD DISK STORAGE;

COMPUTER FORENSICS; DIGITAL EVIDENCE; DIGITAL FORENSIC ANALYSIS; DIGITAL INVESTIGATION;

NEURAL NETWORKS;

EID: 40749151829     PISSN: 17422876     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.diin.2007.11.001     Document Type: Article

References (28)

1. Ahmad A, Ruighaver AB. FIRESTORM: exploring the need for a forensic tool for pattern correlation in Windows NT audit logs. Infowar034; 2002.
2. Bishop C.M. Computer security: art and science (2003), Pearson Education, Inc
3. Bishop C.M. Neural networks for pattern recognition (1996), Oxford University Press
4. Buchholz F, Falk C. Design and implementation of Zeitline: a forensic timeline editor. In: Digital forensics research workshop; 2005.
5. Carrier BD. Open source digital forensics tools: the legal argument. .
6. Carbone P.L. Data mining or knowledge discovery in databases: an overview. Data management handbook (1997), Auerbach Publications, New York
7. Carrier B. Defining digital forensic examination and analysis tools using abstraction layers. Int J Digit Evid 1 4 (2003)
8. Cohen W. Fast effective rule induction. In: 12th International conference on machine learning (ICML 95); 1995. p. 115-23.
9. Carrier BD, Spafford EH. Automated digital evidence target definition using outlier analysis and existing evidence. In: Digital forensic research workshop (DFRWS), New Orleans, LA; 2005.
10. Casey E. Error, uncertainty and loss in digital evidence. Int J Dig Evid 1 2 (2002)
11. Carrier B.D., and Spafford E.H. Defining event reconstruction of digital crime scenes. J Forensic Sci 49 6 (2004) 1291-1298
12. Chan PK, Mahoney MV, Arshad MH. A machine learning approach to anomaly detection. Florida Institute of Technology, Melbourne, FL 32901, USA. Technical report CS-2003-06; 2003.
13. DeVel O. File classification using sub-sequence kernels. In: Digital forensic research workshop (DFRWS'03); 2003.
14. Demuth H., and Beale M. Neural network toolbox user's guide (1998), The MathWorks Inc.
15. Elman J.L. Finding structure in time. Cognit Sci 14 (1990) 179-211
16. Goel A, Feng WC, Maier D, Walpole J. Forensix: a robust, high-performance reconstruction system. In: 25th IEEE International Conference on Distributed computing systems workshops; 2005;6(10):155-62.
17. Helman P., and Liepins E.G. Statistical foundations of audit trail analysis for the detection of computer misuse. IEEE Trans Software Eng 19 (1993) 886-901
18. Haykin S. Neural networks: a comprehensive foundation. 2nd ed. (1999), Prentice-Hall, Englewood Cliffs, NJ
19. Hassoun M.H. Fundamentals of artificial neural networks (1995), MIT Press, Cambridge, MA
20. Jeyaraman S., and Atallah M.J. An empirical study of event reconstruction systems. Dig Invest 3 (2006) 108-115
21. King ST, Chen PM. Backtracking intrusions. In: Proceedings of the 2003 symposium on operating systems (SOSP); October 2003.
22. Lodhi H., Saunders C., Shawe-Taylor J., Cristianini N., and Watkins C. Text classification using string kernels. J Mach Learn Res 2 (2002) 419-444
23. Marin J., Ragsdale D., and Sirdu J. A hybrid approach to the profile creation and intrusion detection. Proceedings DARPA information survivability conference and exposition II (DISCEX'01), vol. 1 (2001), IEEE Computer Society, Los Alamitos, CA, USA 69-76
24. McClelland J.L., and Rumelhart D.E. Parallel distributed processing: explorations in the microstructure of cognition. vol. 2, psychological and biological models (1986), MIT Press, Cambridge, MA
25. New Technologies Inc. FileList Pro computer timeline software. .
26. Ryan J., Lin M.J., and Miikkulainen R. Intrusion detection with neural networks. In: Jordan M.I., Kearns M.J., and Solla S.A. (Eds). Advances in Neural Information Processing Systems vol. 10 (1998), The MIT Press, Denver, CO 943-949
27. Stolfo S.J., Apap F., Eskin E., Heller K., Hershkop S., Honig A., et al. A comparative evaluation of two algorithms for windows registry anomaly detection. Journal of Computer Security 13 4 (2005) 659-693
28. Thomas D.S., and Forcht K. Legal methods of using computer forensics techniques for computer crime analysis and investigation. Issues Inform Syst 5 2 (2004)