112 research outputs found
A Hybrid Methodology Approach for Fraud Detection Using Event Correlation Approach
To effectively investigate masses of event-oriented data, automated methods for extracting event records and then classifying events and patterns of events into higher-level terminology and vocabulary are necessary. Semantically rich representation models, and automated methods for correlating event information expressed in such models, are becoming a necessity. The Event Correlation for Forensics (ECF) framework was developed with the strategic objective "to develop a means by which a consolidated repository of event information can be constituted and then queried in order to provide an investigator with post hoc event correlation."
Key words: Semantics, Correlation, Digital Forensics
DOI: 10.17762/ijritcc2321-8169.15083
Digital Forensics Event Graph Reconstruction
Ontological data representation and data normalization can provide a structured way to correlate digital artifacts. This can reduce the amount of data that a forensic examiner needs to process in order to understand the sequence of events that happened on the system. However, ontology processing suffers from high disk consumption and a high computational cost. This paper presents Property Graph Event Reconstruction (PGER), a novel data normalization and event correlation system that leverages a native graph database to improve the speed of queries common in ontological data. PGER reduces the processing time of event correlation grammars and maintains accuracy relative to a relational database storage format.
Automatic log parser to support forensic analysis
Event log parsing is the process of splitting and labelling each field in a log entry. Existing approaches commonly use regular expressions or parsing rules to extract the fields. However, such techniques are time-consuming, as a forensic investigator needs to define a new rule for each log file type. In this paper, we present a tool, namely nerlogparser, to parse log entries automatically, where log parsing is modelled as a named entity recognition problem. We use a deep learning technique, specifically bidirectional long short-term memory networks, as the underlying architecture for this purpose. Unlike existing tools, nerlogparser is fully automatic, as investigators do not need to define any parsing rules, and it is generic, as there is only one model to parse various types of log files. Experimental results show that nerlogparser achieves superior performance compared with other traditional machine learning methods.
Reconstruction and semantic analysis of cybercrime timelines
Scenario reconstruction is one of the most important steps of a digital investigation. It gives investigators a view of the events that occurred during an incident. Scenario reconstruction is a complex task requiring the study of a very large number of events, owing to the omnipresence of new technologies in our daily lives. Moreover, the conclusions produced must satisfy the criteria set by the justice system. To address these challenges, we propose a new methodology, based on an ontology integrating the knowledge of experts in forensic science and software engineering, to assist investigators throughout the investigation process.
AN EVENT ORIENTED APPROACH TO DIGITAL FORENSICS FOR TRACKING CRIMINALS
In this paper, we present a framework for digital forensics that includes an investigation process model based on physical crime scene procedures. In this model, each digital device is considered a digital crime scene, which is included in the physical crime scene where it is located. The investigation includes the preservation of the system, the search for digital evidence, and the reconstruction of digital events. The focus of the investigation is on the reconstruction of events using evidence so that hypotheses can be developed and tested. This paper also includes definitions and descriptions of the basic and core concepts that the framework uses.
La Salle University Graduate Catalog 2015-2016
La Salle University Graduate Catalog 2014-2015