Preparing for Large-Scale Investigations with Case Domain Modeling

In any forensic investigation, planning and analysis activities are required in order to determine what digital media will be seized, what types of information will be sought in the examination, and how the examination will be conducted. Existing literature and suggested practices indicate that such planning should occur, but few tools provide support for such activities. Planning an examination may be an essential activity when investigators and technicians are faced with unfamiliar case types or unusually complex, large-scale cases. In complex, large-scale cases it is critical that the investigators provide computer forensics technicians with the appropriate amount of case data supplemented with keyword lists; too much case data or too little case data can make the forensics technician’s task very difficult. This paper presents the concept for a novel application of ontology/domain modeling (known as case domain modeling) as a structured approach for analyzing case facts, identifying the most relevant case concepts, determining the critical relationships between these concepts, and documenting this information. This method may be considered as a foundational analytical technique in computer forensics that may serve as the basis for useful semi-automated tools. An example case domain model is presented, the method for constructing a case domain model is described, and applications for case domain modeling are presented.
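As an added illustration (not the paper's own method or any tool it describes), the sketch below shows how a case domain model could be held as a data structure: concepts carrying examiner keywords, typed relationships between concepts, and a keyword list scoped to the concepts within a chosen number of relationship hops of the ones under focus. Every concept name and keyword is constructed sample data.

```python
"""Toy case domain model: concepts, typed relationships, scoped keyword lists."""
from collections import deque


class CaseDomainModel:
    def __init__(self):
        self.concepts = {}    # concept name -> set of examiner keywords
        self.relations = []   # (subject, predicate, object) triples

    def add_concept(self, name, *keywords):
        self.concepts[name] = set(keywords)

    def relate(self, subj, pred, obj):
        # Relationships may only join concepts that were explicitly modelled.
        for n in (subj, obj):
            if n not in self.concepts:
                raise KeyError(f"unknown concept: {n}")
        self.relations.append((subj, pred, obj))

    def neighbours(self, name):
        # Relationships are traversed in both directions.
        out = set()
        for s, _, o in self.relations:
            if s == name:
                out.add(o)
            if o == name:
                out.add(s)
        return out

    def scope(self, seeds, max_hops):
        # Breadth-first walk from the focus concepts, bounded by hop count;
        # widening max_hops trades a sharper keyword list for a broader one.
        seen, frontier = set(seeds), deque((s, 0) for s in seeds)
        while frontier:
            name, depth = frontier.popleft()
            if depth == max_hops:
                continue
            for n in self.neighbours(name):
                if n not in seen:
                    seen.add(n)
                    frontier.append((n, depth + 1))
        return seen

    def keyword_list(self, seeds, max_hops):
        names = self.scope(seeds, max_hops)
        return sorted(kw for n in names for kw in self.concepts[n])

    def document(self):
        # Plain-text record of the modelled relationships for the case file.
        return [f"{s} --{p}--> {o}" for s, p, o in self.relations]


def build_sample_model():
    # Constructed sample case; names and keywords are placeholders only.
    m = CaseDomainModel()
    m.add_concept("Suspect", "jdoe")
    m.add_concept("Victim company", "AcmeCorp")
    m.add_concept("Trade secret", "project falcon", "falcon_specs.pdf")
    m.add_concept("Exfil channel", "dropbox", "webmail")
    m.add_concept("Personal finances", "mortgage")
    m.relate("Suspect", "employed by", "Victim company")
    m.relate("Victim company", "owns", "Trade secret")
    m.relate("Suspect", "transferred via", "Exfil channel")
    m.relate("Exfil channel", "carried", "Trade secret")
    m.relate("Suspect", "has", "Personal finances")
    return m
```

Scoping the keyword list at two hops from "Trade secret" pulls in the suspect's identifier but leaves the unrelated "Personal finances" keywords out, which is the balance between too much and too little case data the abstract describes.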
