Automated Collection and Correlation of File Provenance Information - Advances in Digital Forensics XIII
Conference Papers Year : 2017

Automated Collection and Correlation of File Provenance Information

Ryan Good
  • Function : Author
Air Force Institute of Technology
Gilbert Peterson
  • Function : Author
  • PersonId : 1028688
Air Force Institute of Technology

Abstract

The provenance of a file is a detailing of its origins and activities. Tools have been developed that help maintain the provenance of files. However, these tools require prior installation on a computer of interest before and while provenance-generating events occur. The automated tool described in this chapter can reconstruct the provenance of a file from a variety of artifacts. It identifies relevant temporal and user correlations between the artifacts and presents them to an investigator. Results from six use cases demonstrate that these correlations are reliable and valuable in digital forensic investigations.

Domains

Computer Science [cs]
Fichier principal
Vignette du fichier
456364_1_En_15_Chapter.pdf (139 Ko) Télécharger le fichier
Origin Files produced by the author(s)

Hal Ifip  : Connect in order to contact the contributor

https://inria.hal.science/hal-01716392

Submitted on : Friday, February 23, 2018-3:49:47 PM

Last modification on : Friday, February 23, 2018-3:52:13 PM

Long-term archiving on : Friday, May 25, 2018-6:27:51 AM

Download

Dates and versions

hal-01716392 , version 1 (23-02-2018)

Licence

Attribution

Identifiers

Cite

Ryan Good, Gilbert Peterson. Automated Collection and Correlation of File Provenance Information. 13th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2017, Orlando, FL, United States. pp.269-284, ⟨10.1007/978-3-319-67208-3_15⟩. ⟨hal-01716392⟩

Export

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

IFIP-LNCS IFIP IFIP-AICT IFIP-TC IFIP-WG IFIP-TC11 IFIP-DF IFIP-WG11-9 IFIP-AICT-511
116 View
127 Download

Altmetric

Share

More