The use of Information and Communication Technologies (ICTs) pervades everyday life. While ICT has contributed to improving the quality of our lives, new forms of (cyber)crime have also emerged in this setting. The diversity and amount of information forensic investigators need to cope with when tackling a cyber-crime case call for tools and techniques where knowledge is the main actor. Current approaches leave to the investigator the chore of integrating the diverse sources of evidence relevant to a case, thus hindering the automatic generation of reusable knowledge. This paper describes an architecture that lifts the classical phases of a digital forensic investigation to a knowledge-driven setting. We discuss how languages and technologies originating from the Semantic Web proposal can complement digital forensics tools with knowledge as a first-class citizen. Our architecture makes it possible to perform complex forensic investigations in an integrated way and, as a by-product, to build a knowledge base that can be consulted to gain insights from previous cases. Our proposal has been inspired by real-world scenarios emerging in the context of an Italian research project about cyber security.
Knowledge-driven digital forensics / Cuzzocrea, A.; Pirro', Giuseppe. - (2015), pp. 36-47. (Paper presented at the 23rd Italian Symposium on Advanced Database Systems, SEBD 2015, held at Hotel Mirasole International, Italy).
Knowledge-driven digital forensics
Pirro' Giuseppe
2015