Tools
Tools
Khan, Muhammad Naeem Ahmed, Chatwin, Chris R and Young, Rupert C D (2007) Extracting Evidence from Filesystem Activity using Bayesian Networks. International Journal of Forensic Computer Science, 2 (1). pp. 50-64. ISSN 1809-9807
Full text not available from this repository.Abstract
This research aims to ascertain fi lesystem access patterns produced by different application programs, and evaluates their potential utility in improving digital forensic analyses. The access patterns produced by the proposed methodology can serve as a decision support system for determining the possible execution of certain applications in the event of computer misuse. For this purpose, we propose the use of a causal Bayesian network that summarizes the most important relationships among integral parameters relating to fi lesystem activities such as access, creation, modifi cation, fi le deletion, audit logs, registry entries and the manner in which the applications manipulate these parameters. Determining the state of a fi lesystem at a particular period of time is vital for conducting digital forensic analyses. Herein, we describe a Bayesian network-based technique to determine the state of a computer fi lesystem in terms of the program execution and fi les manipulated during some specific time period. Specifi cally, we discuss the construction of a Bayesian network from our prior knowledge of the manipulation of the fi lesystem and metadata information by a set of applications. The variations among the execution patterns of different applications indicate that the Bayesian network-based model is an appropriate tool, due to its ability to enable pattern learning and detection, even from an incomplete dataset. The focus of this paper is to highlight the merits of the Bayesian methods for learning, with regard to the techniques used for supervised learning in ordinary neural networks.
| Item Type: | Article |
|---|---|
| Additional Information: | http://www.ijofcs.org/V02N1-P04%20-%20Extracting%20Evidence%20from%20Filesystem.pdf |
| Schools and Departments: | School of Engineering and Informatics > Engineering and Design |
| Depositing User: | Muhammad Naeem Ahmad Khan |
| Date Deposited: | 06 Feb 2012 20:42 |
| Last Modified: | 02 Apr 2012 11:28 |
| URI: | http://sro.sussex.ac.uk/id/eprint/27586 |