Automated Timeline Anomaly Detection
Digital forensics is the practice of trained investigators gathering and analyzing evidence from digital devices such as computers and smart phones. On these digital devices, it is possible to change the time on the device for a purpose other than what is intended. Currently there are no documented...
| Main Author: | |
|---|---|
| Format: | Others |
| Published: |
ScholarWorks@UNO
2013
|
| Subjects: | |
| Online Access: | http://scholarworks.uno.edu/td/1609 http://scholarworks.uno.edu/cgi/viewcontent.cgi?article=2716&context=td |
| Summary: | Digital forensics is the practice of trained investigators gathering and analyzing evidence from digital devices such as computers and smart phones. On these digital devices, it is possible to change the time on the device for a purpose other than what is intended. Currently there are no documented techniques to determine when this occurs. This research seeks to prove out a technique for determining when the time has been changed on forensic disk image by analyzing the log files found on the image. Out of this research a tool is created to perform this analysis in automated fashion. This tool is TADpole, a command line program that analyzes the log files on a disk image and determines if a timeline anomaly has occurred. |
|---|