%0 Conference Proceedings
%T Automated Collection and Correlation of File Provenance Information
%+ Air Force Institute of Technology
%A Good, Ryan
%A Peterson, Gilbert
%Z Part 7: Forensic Techniques
%< peer-reviewed
%( IFIP Advances in Information and Communication Technology
%B 13th IFIP International Conference on Digital Forensics (DigitalForensics)
%C Orlando, FL, United States
%Y Gilbert Peterson
%Y Sujeet Shenoi
%I Springer International Publishing
%3 Advances in Digital Forensics XIII
%V AICT-511
%P 269-284
%8 2017-01-30
%D 2017
%R 10.1007/978-3-319-67208-3_15
%K File provenance
%K Windows operating systems
%K Forensic timelines
%Z Computer Science [cs], Conference papers
%X The provenance of a file is a detailing of its origins and activities. Tools have been developed that help maintain the provenance of files. However, these tools require prior installation on a computer of interest before and while provenance-generating events occur. The automated tool described in this chapter can reconstruct the provenance of a file from a variety of artifacts. It identifies relevant temporal and user correlations between the artifacts and presents them to an investigator. Results from six use cases demonstrate that these correlations are reliable and valuable in digital forensic investigations.
%G English
%Z TC 11
%Z WG 11.9
%2 https://inria.hal.science/hal-01716392/document
%2 https://inria.hal.science/hal-01716392/file/456364_1_En_15_Chapter.pdf
%L hal-01716392
%U https://inria.hal.science/hal-01716392
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-DF
%~ IFIP-WG11-9
%~ IFIP-AICT-511