Authors: Pavel Chikul (1); Hayretdin Bahşi (1, 2); Olaf Maennel (1)
Affiliations:
1 Department of Computer Systems, Tallinn University of Technology, Tallinn, Estonia
2 School of Informatics, Computing, and Cyber Systems, Northern Arizona University, U.S.A.
Keyword(s):
Digital Forensics, Event Reconstruction, Knowledge Extraction, Forensic Timeline, Forensic Ontology, IoT.
Abstract:
In the era of interconnected devices, digital crime scenes are characterized by their complexity and by voluminous data from a plethora of heterogeneous sources. Addressing these twin challenges of data volume and heterogeneity is paramount for effective digital forensic investigations. This paper introduces an automated approach for the analysis of complex cyber-physical crime environments in distributed settings. Central to our method is an event-centric ontology anchored on the widely adopted UCO/CASE standard. Complementing this ontology is a software framework designed to expedite data extraction and to interface with the knowledge repository. We demonstrate the usage of the framework on a public dataset that encapsulates a realistic crime scenario populated with diverse IoT devices.