Document Type
Conference Proceeding
Source of Publication
Digital Investigation
Publication Date
1-1-2011
Abstract
The construction of timelines of computer activity is a part of many digital investigations. These timelines of events are composed of traces of historical activity drawn from system logs and potentially from evidence of events found in the computer file system. A potential problem with the use of such information is that some of it may be inconsistent and contradictory, thus compromising its value. This work introduces a software tool (CAT Detect) for the detection of inconsistency within timelines of computer activity. We examine the impact of deliberate tampering through experiments conducted with our prototype software tool. Based on the results of these experiments, we discuss techniques which can be employed to deal with such temporal inconsistencies. © 2011 Marrington, Baggili, Mohay & Clark. Published by Elsevier Ltd. All rights reserved.
Publisher
Elsevier Ltd
Volume
8
Issue
SUPPL.
First Page
S52
Last Page
S61
Disciplines
Computer Sciences
Keywords
CAT detect, Event correlation, Happened-before, Precondition event, Timeline inconsistency
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Recommended Citation
Marrington, Andrew; Baggili, Ibrahim; Mohay, George; and Clark, Andrew, "CAT detect (computer activity timeline detection): A tool for detecting inconsistency in computer activity timelines" (2011). All Works. 842.
https://zuscholars.zu.ac.ae/works/842
Indexed in Scopus
yes
Open Access
yes
Open Access Type
Hybrid: This publication is openly available in a subscription-based journal/series