Semantic Modelling of Digital Forensic Evidence

Chain of custody of digital evidence in digital forensic field are today essential part of digital investigation process. In order the evidence to be accepted by the court as valid, chain of custody for digital evidence must be kept, or it must be known who exactly, when, where, why and how came into contact with evidence in each stage of the digital investigations process. This paper deals with digital evidence and chain of custody of digital evidence. Authors define taxonomy and use an ontological approach to manage chain of custody of digital evidence. The aim of this paper was to develop ontology to provide a new approach to study and better understand chain of custody of digital evidence . Additionally, developed ontology can be used as a method to further develop a set of standard and procedures for secure management with digital evidence.

Proceedings of the …, 2004

The paper deals with the latest application of natural language processing (NLP), specifically of ontological semantics (ONSE) to natural language information assurance and security (NL IAS). It demonstrates how the existing ideas, methods, and resources of ontological ...

Journal of Mathematical Sciences: Advances and Applications, 2019

Ontology has become a fundamental and critical component for developing different applications on the Web. With the phenomenal growth of the Web resources, to generate automatically ontologies by using existing documents on the Web has gotten more and more attention. Forensic medicine ontology is used to narrate and reason the knowledge of a forensic domain. Previous studies for constructing forensic medicine ontologies have not automatically constructed by using all the semantic features of the Web documents. Hereby, it is difficult to rapidly construct an instance and property elements of ontology from the Web documents that are increasing daily. This paper focuses on the ontology generation method from forensic inquest documents structured on the Web. In order to generate most ontology elements for reasoning, we discuss how to generate hierarchical relationships, non-hierarchical relationships, and property elements based on structural and semantic characteristics of forensic inquest report. An empirical investigation of our method has proved the effectiveness of forensic medicine ontology generation. Experimental results show that our ontology generation method can generate with high quality rapidly and correctly important instances and properties of a forensic domain.

Digital Investigation, 2009

This paper presents DIALOG (Digital Investigation Ontology); a framework for the management, reuse, and analysis of Digital Investigation knowledge. DIALOG provides a general, application independent vocabulary that can be used to describe an investigation at different levels of detail. DIALOG is defined to encapsulate all concepts of the digital forensics field and the relationships between them. In particular, we concentrate on the Windows Registry, where registry keys are modeled in terms of both their structure and function. Registry analysis software tools are modeled in a similar manner and we illustrate how the interpretation of their results can be done using the reasoning capabilities of ontology.

Elektronika ir Elektrotechnika

The creation of an ontology makes it possible to form common information structures, to reuse knowledge, to make assumptions within a domain and to analyse every piece of knowledge. In this paper, we aim to create an ontologybased transformation model and a framework to develop an ontology-based transformation system in the digital forensics domain. We describe the architecture of the ontology-based transformation system and its components for assisting computer forensics experts in the appropriate selection of tools for digital evidence investigation. We consider the use of the attributes of Extensible Markup Language document transformation to map the computer forensics ontology and we use the representations in the National Institute of Standards and Technology's "Computer Forensics Tool Catalog" for aligning one form with the other.

2016

Online Social Networks (OSNs) are nowadays being used widely and intensively for crime investigation and prevention activities. As they provide a lot of information they are used by the law enforcement and intelligence. An extensive review on existing solutions and models for collecting intelligence from this source of information and making use of it for solving crimes has been presented in this article. The main focus is on smart solutions and models where ontologies have been used as the main approach for representing criminal domain knowledge. A framework for a prototype ontology named SC-Ont will be described. This defines terms of the criminal domain ontology and the relations between them. The terms and the relations are extracted during both this review and the discussions carried out with domain experts. The development of SC-Ont is still ongoing work, where in this paper, we report mainly on the motivation for using smart ontology models and the possible benefits of using ...

International Conference on Advances in Information Mining and Management, 2013

The analysis of digital media and particularly texts acquired in the context of police securing/seizure is currently a very time-consuming, error-prone and largely manual process. Nevertheless, such analysis are often crucial for finding evidential information in criminal proceedings in general as well as fulfilling any judicial investigation mandate. Therefore, an integrated computational solution for supporting the analysis and subsequent evaluation process is currently developed by the authors. In this work, we present an approach for categorizing texts with adjustable precision combining rule-based decision formula and machine learning techniques. Furthermore, we introduce a text processing pipeline for deep analysis of forensic texts as well as an approach for the identification of criminological roles.

2018

Fusion the direct and indirect evidences with crime knowledge base is important challenge in Automate the crime-solving processes. So, this paper proposed SCIS (Semantic Crime Investigation System), which supports investigator to take a certainty decision based on result of the fusion. The solution proposed in this paper (SCIS) used Ontology re-engineering to create Crime Universal Ontology which includes kinesics Ontology. Also SCIS applied sentiment analysis and image processing techniques. These concepts work together in SCIS in three phases to support the investigator by detailed collected report. The investigator can use SCIS as a mobile application. The proposed system is Automatic, mobile, general, scalable and fast system. Finally, in this paper there is a real case study.

2012

— Intelligence analysts rely on reports that are subject to many varieties of uncertainty, such as noise in sensors; deception or error by human sources; or cultural misunderstanding. To be effective, intelligence analysts must understand the relationship between reports, the events or situations reported upon, and the hypotheses of interest to which those events or situations are evidential. Computerized support for intelligence analysts must provide assistance for managing evidential reasoning. For this purpose, computational representations are needed for categories and relationships related to evidential reasoning, such as hypotheses, evidence, arguments, sources, and credibility. This paper describes some of the entities and relationships that belong in an ontology of evidence, and makes the case for the fundamental importance of a carefully engineered ontology of evidence to the enterprise of intelligence analysis. Index Terms — Evidence, probabilistic ontologies, intelligence...

2014

Mobile devices are a popular means for planning, appointing and conducting criminal offences. In particular, short messages (SMS) and chats often contain evidential information. Due to the terms of their use, these types of messages are fundamentally different from other forms of written communication in terms of their grammatical and syntactic structure. Due to the low price of media storage, messages are rarely deleted. On one hand, this fact is quite positive as possible evidential information is not lost. On the other hand, considering only SMSs, 15,000 and more on only one cell phone is not uncommon. In the most cases of organized or gang crime, there is not one but many devices in use. Analysing this huge amount of messages manually is time consuming and therefore not economically justifiable in the cases of small and medium crimes. In this work, we propose a process chain that enables to decrease the analysis and evaluation time dramatically by reducing the messages which need to be examined manually.