Proceedings of the 4th ACM workshop on Security and artificial intelligence
Post-event timeline reconstruction plays a critical role in forensic investigation and serves as a means of identifying evidence of digital crime. We present an artificial-neural-network-based approach to post-event timeline reconstruction using file system activities. A variety of digital forensic tools have been developed over the past two decades to assist computer forensic investigators undertaking digital timeline analysis, but most of them cannot handle large volumes of data efficiently. This paper examines the effectiveness of employing neural network methodology for computer forensic analysis: a timeline of relevant events occurring on a computing machine is prepared by tracing its previous file system activities. Our approach consists of monitoring file system manipulations, capturing file system snapshots at discrete intervals of time to characterise the use of different software applications, and then using this captured data to train a neural network to recognise the execution patterns of the application programs. The trained network may then be used to generate a post-event timeline of a seized hard disk, verifying the execution of different applications at different time intervals and thereby assisting in the identification of available evidence.